The remote workforce has been growing for years, but the number of remote workers has recently spiked as entire workforces suddenly became remote. This dramatic change has left businesses and their workers vulnerable to security breaches and cybersecurity attacks.
The World Economic Forum’s 2020 Global Risk Report states cyberattacks are one of the greatest risks that businesses will face in the next decade.
Today’s sudden shift to a remote workforce has only increased the risk and will continue to do so as companies are looking to make remote work more permanent, according to a recent Gartner survey.
The concept of remote work is far from new, but the unforeseen shift to fully remote workforces has exposed companies to security threats for several reasons:
1) The policies to ensure best practices for fully remote work were not in place.
2) They do not have infrastructure in place to support large remote workforces.
3) The change happened suddenly and was accompanied by unexpected financial challenges.
The two typical cyberattacks on remote workers
Cybercriminals have various methods of attacking businesses, but attacks aimed at employees take two main forms:
– Phishing. Fake emails that look a lot like official communications from customers, vendors, or even internal company stakeholders are one method by which hackers steal personal or company information. While the emails are fake, they can look very real. Open one and you may find a link to a website designed to steal your information, or it may simply release malicious software on the PC or network. To prevent this, users should always look at the “From” email address – not the name of the sender, but the email address itself; if it’s nonsensical, delete the email immediately.
– Ransomware. Businesses everywhere have seen an increase in ransomware attacks. Here again, the cyberattack often arrives via an official-looking email with an attachment. When opened, it releases malicious software that locks down the system, holding it “hostage” until you pay the ransom. Cybercriminals use this attack expecting businesses to pay rather than fight back.
There are other cyberattacks, including viruses, spyware, worms, and others. Strong endpoint protection can catch most of these. Phishing and ransomware are sophisticated enough that it takes more than technology to stop them – it requires employee attention.
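The “From” check described in the phishing item can also be applied automatically at the mail gateway or in a triage script. The following is an added example, not part of the original article: it compares the display name with the real address and flags mismatches. The brand names, domains, and sample headers are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption (constructed): brands a sender may claim in the display name,
# mapped to the domain that brand really sends from.
BRAND_DOMAINS = {
    "example corp": "example-corp.test",
    "vendor billing": "vendor-billing.test",
}
TRUSTED_DOMAINS = set(BRAND_DOMAINS.values())
EMBEDDED_ADDR = re.compile(r"[\w.+-]+@[\w.-]+")


def check_from(header_value):
    """Return reason codes for a From: header; an empty list means no flag."""
    name, addr = parseaddr(header_value)
    name, addr = name.lower(), addr.lower()
    if addr.count("@") != 1:
        return ["unparseable_address"]
    domain = addr.split("@")[1]
    if domain in TRUSTED_DOMAINS:
        # The visible address checks out. A forged header can still show a
        # trusted address; SPF, DKIM and DMARC cover that case, not this check.
        return []
    reasons = []
    # The name claims a known brand but the address belongs to someone else.
    if any(brand in name for brand in BRAND_DOMAINS):
        reasons.append("display_name_mismatch")
    # The name shows an address that differs from the real sender address.
    shown = EMBEDDED_ADDR.search(name)
    if shown and shown.group(0) != addr:
        reasons.append("name_embeds_other_address")
    # The domain is a near miss of a trusted one, e.g. one swapped character.
    if any(SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED_DOMAINS):
        reasons.append("lookalike_domain")
    return reasons


# Constructed From: header values for illustration, not taken from real mail.
SAMPLES = [
    "Example Corp Billing <billing@example-corp.test>",
    "Example Corp Billing <accounts@examp1e-corp.test>",
    '"ceo@example-corp.test" <xk29@mail-secure.test>',
    "Jane Doe <jane@customer.test>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_from(sample) or ["ok"], sample)
```

Unknown senders that make no brand claim are not flagged, so ordinary customer mail passes; only a mismatch between what the name shows and what the address is produces a reason code.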
What companies can do to protect themselves
Despite the challenges, businesses can – and should – quickly address today’s challenges and protect themselves and their employees from cyber threats. This is especially true for small businesses who are at serious risk as cybercriminals view them as “low-hanging fruit” and for whom resources may be more limited.
Businesses of any size can affordably protect themselves with enterprise-level security. Here’s where to start.
#1 – Establish security and use policies
You can, and probably should, approach this in two ways.
First, share articles and content with your team on data security and how to protect themselves. Your IT department or IT provider can likely provide you with useful, informative content. This is a quick way to build awareness.
Second, assemble your leadership and technology teams to define – in writing – policies and a plan to implement them. Policies should address user behaviour, alongside company practices, technologies, and education to support users and protect your data.
While the specifics will vary from one company to another, they should include technologies like endpoint and network protection. Your policies should also address basic security measures including:
– Passwords. Using strong passwords is a must. Passwords should be reset often, at least every 90 days. Weak passwords remain a problem for many businesses and individuals, which, while understandable with so many passwords needed today, does create a security risk. You want to educate your staff on what constitutes a strong password, require password updates regularly using alerts to remind users, and share tools they can use to simplify password management.
– Use of mobile devices. Employees should not use personal devices for work-related activities. Company-issued devices should be secured with pin codes or passwords. Company devices should also never be shared or used for personal activities.
– Education. Provide regular education to keep employees informed about current phishing scams and ransomware along with how to deal with suspicious notifications, emails, and other communications in a safe way. Education is an essential part of policy to ensure all employees understand and are aware of their responsibility to keep company information secure.
#2 – Use these technologies and technology strategies
With a remote workforce, you have a lot of technology options to stay connected. To ensure secure connections, protect your data, and manage access, you should use the following:
– VPN. Implementing a virtual private network (VPN) provides employees secured access to your network. Unless you have gone to a cloud application-only infrastructure, you must use a VPN to keep your network secured.
– Multi-factor authentication. With multi-factor authentication (MFA), you add an extra level of protection around your network and data by requiring users to verify their login credentials in multiple, independent ways. For example, you could have a user provide a randomly generated code sent to their mobile device or email address to complete logging into a system, after they have already entered their username and password.
– Deploy advanced security measures. New ways to deliver technology make it possible for businesses of any size to deliver advanced security measures with a multi-layered approach to security. This protects your users and your data by combining multiple tactics and tools like network security, firewalls, antivirus applications, and others.
To learn more about the best ways to secure devices and protect your remote staff from phishing and ransomware attacks, watch our webinar on Fortifying and Securing the Remote Workspace.
Find out how we can help you protect your networks, devices, and users. Visit Ricoh IT Security Solutions for more details.