Business continuity in the current COVID-19 environment depends on a highly functional remote workforce. According to the Bureau of Labor Statistics, only 29% of Americans were able to work at home before the pandemic. As the pandemic spread, the majority of employees began working from home, and even with workplaces opening in Texas, many are continuing to do so. The biggest surprise for many business owners is how well their employees are working remotely. As a result, some are considering significant changes in their policies going forward.
A remote workforce comes with increased risk, however well your employees may be working at home. Many organizations raced to virtualize and deploy remote access solutions. As we addressed in our recent webinar, “Enterprise Cybersecurity Implications in a Remote Workforce World,” networks must be secure enough to withstand attacks from cybercriminals.
If you have some employees working onsite and others working remotely, how do you keep your business secure? What steps can you take to monitor the IT environment in a remote workplace? It can become increasingly difficult to secure your business and, if applicable, to remain compliant with regulatory requirements.
Identifying Employer Risk
From email-based threats to endpoint security gaps, hackers look for that one vulnerable point of entry to execute their attacks. Think in terms of an increased “attack surface.” Over the years, wireless networking, the Internet of Things and mobile computing have made it easier for unauthorized users and attackers to enter your network and corrupt data. One of the main attack paths is a remote user’s system. Hackers and other cybercriminals can target users by gaining unauthorized administrative access or taking advantage of a system misconfiguration.
There are compounded risks to the organization when you consider employees’ home networks, personal devices, and all their connections with friends and family members. While most employers required the use of company resources prior to the pandemic, the swift change to shelter-in-place orders required businesses to be flexible and allow employees to use personal devices in order to work remotely. This exposes businesses to data management risk because they do not control the at-home setups of their employees.
On an enterprise level, employers should review firewalls and routers. If applicable, they should assess third-party vendors who manage data security and privacy needs for the company.
Organizations should use multifactor authentication wherever it is available to thwart hacking attempts. Anti-virus software should be scheduled to update automatically. Remember to run software updates—most successful cyberattacks occur because of a small security vulnerability.
Other actions include a review of remote access and the network, and an assessment of mobile device security and wireless networks. Training might be one of your best defensive actions.
Employee Training and Responsibility
Training is critical. End-users need to recognize phishing attempts or other social engineering manipulations. Are there strange pop-ups on their screen? Have they lost control of their mouse or keyboard? Are there suddenly new programs popping up on their computers? Spear phishing is a common trap because the email appears to come from a known or trusted sender, such as a bank asking for personal information.
Employees must be extra vigilant about malicious attachments and suspicious websites. Each remote worker has to be aware of insecure home networks and personal devices prone to malware attacks. Business owners may want to consider social engineering exercises to provide examples of spear phishing, vishing, customized attacks, and malicious sites.
All employees should understand the responsibilities and risks that come with working remotely. They must understand their role in protecting confidential information and recognize potential threats. The FTC has issued warnings about increased criminal scams associated with COVID-19. Most of the scams come in the form of emails, text messages, SMS, and IM. All links should be verified for legitimacy.
Free Risk Assessment
The future of the remote workforce will take into consideration worker productivity, the ability to collaborate with the team, and the ability to control risk. Employers should review all risk management policies and data management procedures. Look at the changes in the remote workforce as an opportunity to strengthen cybersecurity awareness and training at your business.
Goldin Peiser & Peiser is offering a complimentary 30-minute risk consultation to organizations to assess their business security needs. Simply complete the information on the form, and a member of our assurance team will be in touch.
Questions about cybersecurity or other Fraud Prevention issues for your organization? Please contact Jason Cope at 214-635-2508.
Note: This content is accurate as of the date published above and is subject to change. Please seek professional advice before acting on any matter contained in this article.