Working from Home? These are the Security Issues to Consider

Every day, more and more employees connect to the Internet for business purposes. While the “working from home” functionality may decrease the spread of the Covid-19, the increase of internet activity outside the corporate environment can bring different types cyber threats, attacks and incidents. The home users, of varying age and technical understanding, utilize a variety of corporate and personal devices in insecure public and home networks. And the cyber criminals already capitalize on corona fears and internet is drowning in corona related malware. What to do then? Most large contemporary companies have already the basis of a strong information security framework in place and the infrastructure to provide laptops to the employees. Despite the well-thought through security practices of the large firms, the sudden migration from monitored enterprise networks to unmonitored and frequently unsecure home Wi-Fi networks, reveals a large target for the opportunistic cybercriminals.

Unfortunately, small and medium companies may not be so well equipped. To them, working from home may mean responding to emails and making phone calls. Despite taking precautions, employees are not trained to think security outside the safety of the corporate office building. The home users find themselves outside the reach of perimeter-layer based security tools and are exposed to social engineering techniques such as phishing and spearfishing campaigns and network attacks. Let us not forget that all it takes is one phishing attempt to become successful.

Below are some tips that can help organizations and home users to secure your remote working:

• IT decision makers must implement a zero-trust network access, which includes support for managed, unmanaged devices and any application. Zero trust access means that a software service runs on the cloud or in the data center that makes applications become invisible and unexposed to the internet.
• Ensure the PCs have full disc encryption in case the device is stolen from home. Full-disk encryption ensures that the company’s data is not accessible. Enabling PC inactivity screen savers is another smart function that limits access to those opportunistic thieves.
• Chief information security officers should re-evaluate current data breach and incident response plans and ensure that the plans consider the impact of the pandemic on the staffing of security centers and the lines of defense. Considering that the management is working from home, response and availability can be severely decreased. To this end, the security centers must establish appropriate hygiene and frequent virtual meetings to connect with the staff working in isolation.
• Strong password policy and multifactor authentication ensures that access becomes harder and is by authorized users only.
• Employees could be requested to install the best encryption software and remote-wipe app on devices utilized at work, should they be lost or stolen. These extra steps may limit data loss and lead to augmented best practice.

A last recommendation for the corporate stakeholders: ask employees to risk-assess their remote working environments and consider mandating home monitoring cyber security applications that can provide threat and vulnerability incident notification and patching of expired software. This process leads to establishing a bring-your-own-device policy and plans.

Another option is for home users to change Wi-Fi passwords frequently and set up a separate Wi-Fi guest network for other members of the household. Why? Because cyber intruders can infiltrate your home devices and take over cameras, control smart televisions, steal your data, listen in to conversations and monitor-connected appliances.

Please also check out Cognizant’s general advice on keeping people healthy and business running during the pandemic.