The fact is, there is more attack surface than ever when employees work remotely en masse, and a basic understanding of cybersecurity issues is essential to helping ensure corporate safety. Here’s why.
When just a handful of workers were doing their jobs remotely, cybersecurity issues were a bit more isolated.
But when everyone is working remotely? Suddenly, those isolated issues become widespread. A recent study from VMWare found that 89 percent of respondents had experienced attacks realted to COVID-19 malware.
And because so many workers now find themselves in environments that aren’t controlled by the IT department, it creates a need for a general understanding of good cybersecurity practices.
A few considerations that associations should be aware of:
Good cybersecurity needs to be as basic as washing your hands. Part of the problem with cybersecurity in remote environments is that people who aren’t personally trained on the process can put such approaches on the back burner, which makes them more susceptible to attack. Jim Alkove, Salesforce’s chief trust officer, recommends getting employees up to speed on the basics. “I think the best thing that any business can do in securing yourself, especially as adapting to … this new work-from-anywhere environment, is to nail the basics,” Alkove explained in an interview with ZDNet. “There are a small number of really important cybersecurity hygiene actions, so think about it in the current climate as washing your hands from a cybersecurity perspective, that businesses can do to really eliminate the risk associated with a lot of common cybersecurity threats.”
It can help ease security complications caused by employee job-hopping. Even before the current crisis, people had a tendency to jump between jobs, and having employees work remotely can exacerbate problems caused by such transitions, writes Bob Evans in a blog post for the security firm RSA. “If WFH becomes our norm, then businesses need to address the ‘mover and leaver’ situation. Job-hopping is more prevalent today, and that trend and will continue into the future,” Evans says. “So, the ‘talent churn’ means companies must impart necessary cybersecurity training and hygiene during onboarding and offboarding.”
Cybersecurity issues can plague even more traditional experiences. If your users are traveling on dangerous parts of the information superhighway, it can put the work network in danger. But the problem is, sometimes the threat comes to you. For example, there was recently a vulnerability with the videoconferencing service Zoom in which the company’s vanity URL feature was used to impersonate business accounts. Properly training employees can help them distinguish threats far easier than they might be able to otherwise.
Using company-approved equipment can help limit problems. If a user is hopping onto the network with a laptop that is loaded with malware, it can cause problems for everyone else on the network. Jarrod Sadulski, a criminal justice professor at American Military University, recommends ensuring that employees are aware of the need to use employer-approved equipment, including laptops and VPNs. “This strategy is helpful because a corporate virtual private network (VPN) can be used, enabling remote employees to access secure end-to-end encrypted cloud resources from the company’s secure network,” Sadulski writes for InCyberDefense. “In addition, using a work-issued computer and VPN allows a company’s IT department to push security updates onto the remote computer and increase cybersecurity on the device. Even if a company computer is not utilized, a private VPN is a good cybersecurity tool.”