Remote Workforce Cybersecurity Issues during a Pandemic
By Vince Mazza and Scott Saxe
April 15, 2020
The remote workforce trend is nothing new. On average, 3.6% of employees work at home full time and 43% part time; it’s not surprising that 75% of people in the US consider having the flexibility to work at home a valued benefit. Consequently, many companies have prioritized working from home and have invested in protected systems to allow remote access. While there have always been cyber-threats with a remote workforce, companies have accepted risk, limited remote access, or developed a comprehensive security strategy. Many felt the risk to their remote workforce was manageable with the systems they had in place.
The COVID-19 pandemic forced companies to instantly change their strategies as employees were forced to work from home. Most companies had no time to prepare for such an abrupt move and the overwhelming volume of employees connecting from outside the office. They certainly weren’t prepared for all the cybersecurity and liability issues that came with it.
OpenVPN reported in a recent study that 90% of IT professionals believe remote workers are not secure and over 70% think remote staff poses a greater risk than onsite employees. In fact, the FBI has indicated that they are seeing a 30%-40% increase in cyber-attacks over the last few weeks, which is unprecedented. With the average loss related to a cyber-attack costing $200,000, it’s no wonder that 60% of small businesses close within 6 months of an attack. Combine that with the economic strain we’ve seen from the pandemic, and most attacked small businesses won’t survive a month. A prolonged shutdown or cyber-attack is difficult for any business. The combination could be devastating.
Companies that don’t have the right cybersecurity strategies and defenses in place are much more vulnerable today than ever before. The larger-than-normal remote workforce is testing the limits of scalability and increasing vulnerability. For too many, it is impossible to manage.
Risks From Your Remote Workforce
Let’s take a deeper look at what the key cyber-threats are from a remote workforce and the best ways to mitigate risk.
Accessing sensitive data through unsafe Wi-Fi networks
Your employees could be connecting to their home wireless network or accessing their corporate accounts using shared or unsecured public Wi-Fi. Unencrypted connections such as these allow bad actors to exploit other vulnerabilities or harvest confidential information. For example, data sent in plain text might be intercepted and stolen by cybercriminals. For this reason, your employees should not be allowed to access any unknown Wi-Fi networks unless they are using a VPN connection or some other secure method.
Using personal devices for work
46% of employees admitted to transferring files between work and personal computers when working from home, which is not a secure practice.
If you allow employees to use personal devices for work, you need to be fully aware of the issues involved. For example, they may suddenly leave the company and hold on to the confidential information that was stored on their device during their employment, leaving you no chance to erase it.
Additionally, they may not be keeping their devices up to date, including anti-virus and anti-malware software, drivers, and firmware patches, which may open security holes in your environment. This is another reason why applying software patches in a timely manner to your network, internal and external, is so important.
You shouldn’t let your employees use their personal devices at work, since it’s difficult for you to control what happens on their endpoints. Although it is harder to avoid, particularly today, you also shouldn’t let them work remotely on personal devices where possible.
Opening phishing emails
Even after employee training, 5% to 8% of employees will still open dangerous phishing emails and click on attachments. While this will happen both on-site and remotely, remote employees are being targeted by hackers who want to steal their usernames and passwords and drop malware and ransomware in your network. Your employees are eager for information about the COVID-19 outbreak and are more likely to open emails on this topic from “human resources” or “government agencies” without being as careful. Typically, 95% of cyber-attacks originate through email. Over the last 30 days, there has been a 667% increase in phishing emails and our email security team has seen a 250% increase in phishing impersonations. This presents even more risk to your organization.
Users should be cautious about what information they share on social media. There are phishing scams disguised as surveys shared by friends and family. Don’t be fooled into sharing information in a public forum that can be used against you personally and professionally.
Ignoring basic physical security practices in public places
Even if cybersecurity is our focus, we can’t completely leave physical security behind when it comes to your company’s sensitive information. For example, some employees may talk loudly on the phone while working in public places (even while social distancing), leave their laptop’s open screen visible to others who may be behind them, or even leave their devices unattended.
Teach your employees the most basic security measures, even if they may seem like common sense at first glance. Devices should have a password required to log in and a timeout for locking when idle. Employees should exercise extra caution when working outside the home.
Create a work-from-home security policy
Even in the best of times, you need to protect your company’s private data when you can’t fully control the devices used to access your network. The good news is that you can reduce cybersecurity threats with a remote workforce.
The first step is to create a security policy specifically designed for remote workers. Below are the essential security clauses that should be included in your remote work policy:
Define which positions are eligible for remote work.
As we eventually transition back to working at the office, this will be an important document to have.
Be transparent with your employees. Everyone should be aware which job functions can work remotely on an ongoing basis and which cannot, for security reasons. Unfortunately, not every position is a good fit for remote work. This should be a guide not just for the employee, but also for IT staff to identify strategies to improve access and security. As you’re seeing today, the more adaptable your work-from-home policy is, the better suited your business is for survival.
List the tools and platforms they should be using.
Your remote and on-site employees should be on the same page and use the same approved tools, such as cloud storage platforms, communication/video conferencing tools, project management tools, etc.
They should also follow the same policies and procedures related to physical and logical security and other technology best practices.
Give your employees steps to follow at the first signs of account compromise.
If they believe the company’s information has been compromised, they should have a clear guide to follow, covering where to report the incident, an instruction to immediately change their passwords, and so on. These steps should be included in their mandatory cybersecurity training, alongside other items such as how to create strong passwords. They should also have a process for reporting suspect emails and security risks. Engaged and aware employees are part of your cyber defense.
Solutions Your Remote Workforce Should Use To Increase Cybersecurity
Here are the fundamental tools that your organization needs now more than ever.
While security awareness training should be a key part of any company’s strategy, remote users present an entirely different level of vulnerability to an organization. The change from office to remote worker should necessitate another layer of training and awareness. During this health crisis, the timelines were too short to properly train the sheer volume of workers. It’s never too late, however, to implement training and awareness programs to ensure your users are equipped with the tools, and best practices, to effectively and securely work remotely.
Some email platforms come with a layer of online security to protect from phishing emails and alert employees when they receive an external email (which of course is ignored over time). However, it’s essential to add a layered approach, preferably one that uses artificial intelligence to identify and mitigate risk and that provides message- and sender-specific warnings to employees and IT staff.
Automated Network Vulnerability Alerts
Since 75% to 80% of data breaches originate from vulnerabilities in an organization’s network, it is imperative to regularly scan your externally facing systems. Having an early warning of vulnerabilities will allow you to proactively address open ports, install patches and secure access to your networks. For critical employees, it may be necessary to scan their remote devices as well.
The simple combination of username and password is no longer enough to prevent unauthorized access. A unique, specifically generated code or an authentication device will add more complexity and act as an additional layer of security on top of your remote employees’ accounts. The more security layers in place, the less risk of a cyber-criminal gaining access to your sensitive systems. Employees should use a company-approved authenticator app rather than SMS/text, which is more vulnerable to hacking/spoofing.
Besides multi-factor authentication, your employees should also be using a password manager. Passwords should be unique and complex for each site and each application. Password managers will generate these types of passwords, store them, and securely retrieve them when required. This way, users will not need to remember all the different passwords they need and can easily manage password storage, expirations, and changes. When each login uses a unique password, any breach of those credentials is limited to that specific account.
VPN connections are crucial when your employees connect to unsecured networks, such as Wi-Fi hotspots, even when they work from home. Your employees should use your company’s VPN to connect to your company’s internal services and applications.
For companies with more cloud-based services, a VPN is still recommended to keep the connections encrypted, but third-party VPNs can be used to minimize risk and avoid congestion of company resources.
As more companies utilize cloud-based services, converging networking and security capabilities into a unified, cloud-native service makes it easier and less expensive for companies to safely connect people and services. This approach, Secure Access Service Edge (SASE), offers IT departments a way to reduce complexity within their internal environments while ensuring security and connectivity for remote users and the entire organization.
A firewall, when configured properly, will allow only specific access to and from your network, further improving your security posture. It is critical to maintain current and appropriate access control lists based on business requirements to ensure that access is limited only to required devices, ports, and applications. Firewalls are typically the first line of defense, protecting the systems behind them from attack. While it may not be feasible or cost-effective to provide firewalls for every home user, having an added layer of protection will benefit both the employee and employer.
A strong EDR solution
Finally, your system administrators should always be able to see the exact details of your endpoints. It is recommended that you deploy a complete endpoint detection and response (EDR) solution that will allow you to remotely prevent next-gen malware and data leakage, respond quickly to threats, and automatically manage software deployment and patching.
It is essential that you remain innovative and competitive in this difficult business landscape, and allowing your employees to work remotely is a necessary step. Even after the outbreak comes under control, it’s likely that a third of employees will remain remote full time. With a newly remote workforce come security risks that must be addressed immediately. It is critical for your IT staff to develop and maintain strategies, enforce policies, and remain vigilant about updates and changes to the workforce and systems. For those companies without the internal expertise, we recommend finding a trusted partner to help with your security posture.
About Guard Street
Guard Street, headquartered in Wheaton, IL, is a high-tech cybersecurity and protection company arming businesses and consumers with world-class products built to protect what matters most. Guard Street products, Cyber Attack Protection Plan and Remote Workforce Cybersecurity, provide a full range of vulnerability alerts, incident response, email security and cyber liability insurance that empower our customers to be less vulnerable to cyber risk and help ensure that organizations recover when they are a victim of a cyber-attack. Learn more at www.guardstreet.com.