With large masses of people transitioning to work-at-home arrangements, some employers are scrambling to establish remote IT setups. Unfortunately, this often results in rushed arrangements that neglect important security protocols.
Nobody knows this better than cybercriminals—and they’re poised to take advantage of this reduced protection of your network.
Why does this happen?
Home networks and equipment are often not as secure as those at a business with proper IT procedures. Firewalls are generally less stringent, and Wi-Fi passwords might not follow best practices. Personal computer anti-virus software might also not be up to date (as it often is in company-owned equipment).
There’s also an inherent risk in a hastily created VPN policies. When set up properly, VPN is a safe way to work remotely. But doing so takes time and careful planning; otherwise you risk leaving security gaps unaddressed.
This is great news for hackers, who are ready to attack home networks and access valuable company data. It’s not-so-great news for employers given the upheaval already caused by the COVID-19 outbreak.
What can we do?
In times like this, the need to work remotely is urgent. So quick action is required to establish telecommuting security. Thankfully, there are steps your organization can take to make employee work-at-home setups as secure as possible.
- Do not create a VPN between an employee’s personal computer and the organization. Company-owned equipment will likely have more updated cybersecurity protection. So make sure they’re using your laptops, portable devices, drives and other equipment.
- If an employee must use their home computer, implement a remote access method that requires multi-factor authentication.
- Do not lower or remove any firewall settings on the company side to accommodate remote work.
- If at all possible, obtain firewalls for remote workers. This can involve turning on their computer’s Windows firewall, checking the options in their modem, or buying them a firewall appliance.
You should also make sure your employees continue following cybersecurity best practices. These include:
- Don’t share your computer.
- Lock your computer when you’re not using it.
- Don’t visit random websites or click on questionable links in emails, on social media and elsewhere.
Long-Term Steps for Telecommuting Cybersecurity
As with many things, preemptive measures are often the most effective. Hackers don’t take breaks, so you should never let your guard down. And when you plan in advance for emergencies, you can mobilize more quickly when the time comes.
First, make sure you regularly assess the security of your network. This includes scanning your email system, network and endpoints for vulnerabilities, performing penetration testing, and running anti-phishing campaigns.
It’s also critical to monitor your network every day, all day, throughout the year. Use advanced tools like SIEM software, data visualization tools, automation and artificial intelligence. Respond immediately to any issues detected.
Create rapid-response plans for emergencies. This includes what to do in the event of a cyberattack, as well as procedures in the event of a public emergency (such as setting up mass work-at-home arrangements with secure network protocols).
Finally, establish a culture of cybersecurity at your organization. Make sure they’re well versed in best practices regarding passwords and general network/equipment use. Hold regular training and make everyone aware about the latest security threats.
In all of these efforts, it’s important to have experts on your side. James Moore’s Technology Services Team is ready to help you through these uncertain times. Together we can protect your tech so it’s there for you and your employees—so you can be there for those you serve.