Whitepaper: Working from home and cyber risks

INTRODUCTION 

We are all navigating an unprecedented time in our history amid the COVID-19 pandemic. Employers across the globe have transitioned their workforces to work from home. With a large number of employees working remotely, there are significant security risks around home cyber devices and equipment. Cybersecurity can be a major challenge for organizations, as some may lack policies, technology, and training to secure a solely remote workforce.  

Your organization and workforce are likely going through a great deal of upheaval in a short time. We recommend developing creative solutions and embracing the opportunities created by our ever-changing environment. It is more important than ever to ensure your workforce has a baseline of cybersecurity knowledge to mitigate risk. Use these facts and tips as a starting point for your internal efforts to support and train your workforce on the critical cyber risks of remote work. 

CORONAVIRUS CYBER CRIME IS ON THE RISE

The COVID-19 pandemic is spurring anxiety around global health and cybercriminals are taking advantage of the panic to exploit unsuspecting individuals. A variety of malicious campaigns, including email spam, Business Email Compromise (BEC), malware, ransomware, and malicious domains, are on the rise. These hacking emails contain personal information and payment requests, as well as attachments or links to fraudulent websites that contain malware that claims to have relevant information about the virus. In early March 2020, 4,000 new website domains related to the coronavirus were found, with three percent containing malicious software. The sophistication of these cyberattacks varies widely; however, they are a growing concern for all online users. 

To protect yourself on public WiFi networks, connect to a Virtual Private Network (VPN). A VPN encrypts your online connection to secure it as well as protect your data and privacy. VPN usage is steadily increasing, with more than 26 percent of all global internet users relying on VPN services. The rise in VPN usage is due to the increased adoption of smartphones and online usage for business transactions and remote work. VPNs create a layer of online protection when accessing public WiFi networks for personal or employment needs. 

UTILIZE SECURE & APPROVED CLOUD-BASED SERVICES

As we navigate the ever-changing environment, the ability to work anytime, anywhere, on any device is more critical than ever. Cloud-based services, like Office 365, enable information to be shared and available for access across multiple devices. This collaborative tool protects employee endpoints and ensures confidential information is not stored locally. In 2019, a cloud service hosted 60 percent of workloads. For reference, the cloud-hosted 45 percent of workloads in 2018. Cloud-based services are already mainstream. Investing in these platforms gives your employees the tools they need to do their job safely and efficiently. 

SOFTWARE UPDATES

Your workforce’s computers, mobile devices, and programs must be all running the most up-to-date version of the software. When it comes to cyber attackers, they are continually looking for new vulnerabilities and security holes in the software on your devices. Once hackers discover a vulnerability, they use programs to exploit them and hack into your devices. Meanwhile, the software companies are working on their end to fix the vulnerabilities by releasing software updates. Ensuring your online devices are continuously updated, makes those devices more difficult to hack. An easy way to activate software updates is by turning on automatic updates on all devices. This rule pertains to any device that’s connected to a network, including not only work-related devices but Smart TVs, security cameras, gaming consoles, cars, and home routers. 

PASSWORDS

While passwords may be considered a “hassle,” they help keep private information secure online. When a site asks you to log in and create a password, create a strong password. The more characters (a mix of letters, numbers, and unique characters) a password has, the stronger it is. This year, the number of passwords used among humans and machines across the globe will hit a staggering 300 billion. All of these passwords need to be protected. 

Moreover, using a passphrase, a mix of multiple words, such as “pollen bee flowers,” is an easy way to ensure you have a strong password. Keep in mind that you should use a different passphrase for each online account. If you’re concerned about remembering all your passphrases, a password manager like LastPass is a specialized platform that safely stores all your passphrases in an encrypted format. 

Finally, enable two-step verification, also known as two-factor or multi-factor authentication, whenever possible on all your devices. Two-step verification is an extra layer of security that proves the person logging into an account or device is you. If someone steals your password, the individual won’t be able to access your information without a separate authenticator, such as a code sent to your smartphone or an alternative device. Activating two-step verification for your online accounts is one of the essential steps in protecting your online account information. 

PROTECT YOUR WORKFORCE’S EMOTIONAL SECURITY

Especially in the time of a sudden change and shift to remote work, it’s critical to foster a sense of care and concern for your employees and acknowledge their anxieties, fears, and struggles. Open up the lines of communications with your workforce and regularly check-in to see how they’re doing. Set a reminder on your calendar to touch base with your workforce. A check-in could be as simple as asking, “How is the remote work shift working out for you?” Listen to what they have to say as these could be similar concerns other employees haven’t yet shared. Let them know that you are available to support them in any way possible. It’s vital to demonstrate encouragement to your team and that you’re all in this together. With this support, your workforce is likely to feel a strong sense of togetherness to focus on their work. 

CONCLUSION 

This pandemic is a unique time in our history that everyone is struggling to navigate through. As more and more employees move to work remotely during this time, it’s essential to educate your workforce on the inevitable security risks around home cyber devices and equipment. Security risks include coronavirus-themed attacks, public WiFi networks and VPNs, cloud-based services, software updates, passwords, and also keeping a pulse on your workforce’s emotional security during this uneasy time. Mission Essential CTS can help you alleviate all of these concerns and provide the security you need to empower the life and business you want. 


REFERENCES 

Trend Micro. (March 2020). Developing Story: Coronavirus Used in Malicious Campaigns:  https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains

Timber, C. and Romm, T. (March 2020). Hackers are seizing on coronavirus fears to steal data, researchers and U.S. regulators warn: https://www.washingtonpost.com/technology/2020/03/12/hackers-are-using-coronavirus-fears-target-people-looking-information-infection-maps/ 

Hughes, N. (June 2018). Despite security risks of free public Wi-Fi, 81% still connect to it, OWI Labs survey finds – One World Identity:  https://oneworldidentity.com/despite-security-risks-free-public-wi-fi-81-percent-still-connect-owi-labs-survey-finds/

Athow, D. (November 2017). You need a VPN when accessing public Wi-Fi. Here’s why:  https://www.techradar.com/news/public-wi-fi-and-why-you-need-a-vpn

Arežina, L. (November 2019). VPN statistics for 2020 – Keeping internet privacy alive: https://dataprot.net/statistics/vpn-statistics/ 

Hostingtribunal.com. (n.d.). 25 Must-Know Cloud Computing Statistics in 2020:  https://hostingtribunal.com/blog/cloud-computing-statistics/#gref

Barth, B. (January 2017). Video: 300 billion passwords by 2020, report predicts: https://www.scmagazine.com/home/research/video-300-billion-passwords-by-2020-report-predicts/ 

Larson, B., Vroman, S., and Makarius, E. (March 2020). A Guide to Managing Your (Newly) Remote Workers:  https://hbr.org/2020/03/a-guide-to-managing-your-newly-remote-workers