Many companies have made the unprecedented decision to close their doors or keep essential staff in-house temporarily. Others have instructed the entire organization to work-from-home (WFH) due to the COVID-19 pandemic. Now, an entirely new set of pressures is pulling for your attention:
- How can your employees securely access the company network and resources as they WFH?
- Are they using a personal or a company-owned PC or laptop?
- Are my employees sharing their work PC with their children for distance learning?
- How will collaboration and meetings be carried out each day?
With so many new changes happening at once, don't let the cybersecurity of your work-from-home staff be an afterthought.
According to the Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, hackers are targeting at-home workers who may be using unsecure virtual private networks (VPNs) and unpatched or obsolete/unsupported operating systems (Windows 7 or XP). This news should come as no surprise, but it is more important than ever to reassess those recent, short-term decisions that helped get your workers up and running remotely.
Here are some points to consider when evaluating if the right security measures are in place for a longer-term solution.
Do you know or trust the devices used by your remote staff? If a company-issued laptop and PC are in place, then you know the patching and anti-virus software that is keeping them secure. However, it may be the case that only some employees have company hardware, and the rest are using personal computers. Employee-owned devices can be the most vulnerable to cybercriminals as they typically lack the necessary cybersecurity tools to protect your business and its critical data.
Most organizations have a virtual private network (VPN), remote Citrix access, or another remote connectivity tool in place to allow staff secure access to the company network when working remotely or WFH. All networks are configured differently, which includes the level of cybersecurity placed on the network perimeter (the secure boundry between internal assets and the outside world). One simple added security measure that is often not deployed is Multi-Factor Authentication (MFA), which uses multiple verification methods upon login such as a password coupled with a rotating pin or biometric (fingerprint) to authenticate the users' login credentials. MFA isn't just for your cloud apps, like Office 365, it's equally important at your network's perimeter. As part of your long-term cybersecurity strategy, it is vital to enable this function within your organization to keep cybercriminals at bay.
One element of WFH or remote work that will become more important than ever is team collaboration and comradery. Face-to-face interactions, weekly staff meetings, even virtual "Happy Hour" have become part of the WFH culture. Do you have a communication/collaboration application in place? Employees should be encouraged to use video collaboration daily. If critical documents and files are being shared freely through these apps, it is important to know that the built-in cybersecurity of many collaboration apps is basic. Just like with email, proper cybersecurity measures should be implemented. Check with your IT professional to see what collaboration tools you have in place that can be trusted. For example, if you are an Office 365 customer, you already have the Microsoft Teams app, which is a trusted and powerful collaboration tool.
By now, your staff has probably settled into working from home, and now is a great opportunity to reevaluate the short-term set-ups that enabled your remote workforce. Is there room for improvement when considering your long-term cybersecurity strategy? A trusted IT partner can help your business evaluate what is in place and offer suggestions on the right steps to secure your organization. There is a significant risk in getting this wrong, and cybercriminals are using this crisis as an opportunity to fool and exploit your staff.
If you'd like to discuss ways your business can secure its remote workforce, reach out to Systems Engineering at email@example.com, or 888.624.6737. Customers, please reach out to your Account Manager.
Erik Thomas leads the Advisory Services group at Systems Engineering. Erik has over a decade of experience with IT, application development, and business operations. His group assists clients with the planning and implementation of IT systems, business development, cybersecurity risk assessments, and addressing regulatory compliance for businesses.