2020 has been a year full of surprises and lots of change. Organizations becoming 100% remote workforces within a matter of hours or a few days because of the COVID-19 Pandemic, has to be one of the most prevalent changes of all. Some organizations previously offering partial remote work, or not having the option at all, suddenly made it so 90-100% of their employees are working from home. This demand for change put remote work and collaborative technologies to the test at a scale that we have never seen before.
Today’s employees are logging in from their kitchen tables, bedrooms and living rooms, even the basement, to email, slack, airdrop and message their colleagues. And while they are all focused on getting their work done, what might not be so apparent is that they are also opening up their companies to heightened data and security risks.
The simple truth is old-school technologies that were designed to prevent data from moving outside traditional security perimeters were never built to safeguard collaborative workforces. So now that the vast majority of us are working from home, how can we be sure our network connections are secure, and that data is being protected?
Tom Hermstad of HD Tech says, “When it comes to cybersecurity, there is not much room for error. Those who fail to adequately secure their IT environment, including remote access employees, may regret their neglect. As more people are working from home rather than at the office, cyber criminals are taking advantage of any weaknesses that may become apparent in the home worker’s IT defenses.” Barracuda Networks reports that phishing email attacks have increased by over 600% during the beginning of the pandemic.
Quite simply put, employees who work from home are a much bigger target than the company itself. And why is that?
It would be foolish to assume that a hacker might only be interested in attacking large databases at big companies. If the company you own or work for has IT support of any kind, you’re generally protected and have the necessary systems in place to keep data secure. Hackers know that those systems will be harder to break into. Work from home systems, on the other hand, are at the mercy of the diligence (or negligence) of the user! Typically, it’s the latter in these cases, and makes it easy for hackers to infiltrate. Meaning, they spend their time and resources on YOU, waiting for you to falter. They may not get everything that they want from you, but given the opportunity, they can use your access information to log into critical business systems remotely.
So, you’re a hardworking team player who liked to check e-mail and get a few things done after hours, pre-COVID of course. But now, almost all of us are checking our emails during and after work hours, and are working from home almost all of the time. It is important to understand that you should never access company data, file servers or applications through personal devices and home PCs that are not properly protected or monitored, pandemic or not. If you and your kids are using a home PC to play games, access Facebook and surf the web, AND you’re not diligently updating and monitoring the antivirus software, firewall and security patches on the machine, then there’s a high probability you’re infected with spyware or malware—and don’t know it! Since most malware is designed to operate in total stealth mode undetected, you won’t know that some hacker is watching you log in to your company’s file server or key cloud application containing critical, sensitive data and capturing your login with a key logger. Yikes.
The truth is that your home computer is subject to the same types of cyber-attacks that threaten your work devices. Some examples of threats you can experience are:
- Malware
- Man-in-the-middle (MitM)
- Denial of service (DoS)
- Phishing
- SQL injection
- Password attack
and so much more. That’s why, now more than ever, it is SO important that we are working with an IT professional (and not just your good friend or neighbor doing you a favor) and developing a plan to deal with the gambit of vulnerabilities.
Physical security is as important as anything else in the protection of a company’s IT environment. The simplest thing you can do is watch your device! It’s best not to leave your laptop unattended without locking it first—even a child who doesn’t know any better could cause problems in the few minutes you are out of the room, let alone the possibility of a burglary and your work equipment being stolen.
Your devices and applications should also have more protection than a simple password. Multi-factor authentication adds an additional layer of protection for your important data. Many websites are now requiring or offering MFA, and you should always take advantage of it.
Your security plan should include other best practices to protect your data. For example, make sure that your applications have all the latest security patches and updates. Back up your data regularly, and be sure to have a disaster recovery/business continuity (DR/BC) plan in place in the event of an unplanned or natural disaster causing irreparable damage. Use robust VPN software, and never connect to sensitive company data without it. If you aren’t doing these things yourself, then you need an IT professional to be doing it for you.
Working from home may have its advantages, but it’s not without its risks. If you are working from home, be sure that you and your IT team cover all the bases. Every business, large or small, should include remote access workers in their network and systems security plan. Cyber criminals are very crafty— do you want to be responsible for productivity and dollars lost?
