The days of 9–5 office hours were over long before coronavirus forced the majority of us to work from home.
Many organisations offer flexible working practices, with employees working from home on an occasional or full-time basis. Meanwhile, we often feel obliged to check work emails on personal computers or phones outside of business hours.
Most companies will therefore already have some experience of the processes involved in home working and the security vulnerabilities associated with remote access.
However, the rollout of a remote workforce in the wake of COVID-19 has challenged even the most prepared organisations. One of the biggest problems was the spike in cyber attacks targeting the uncertainty and fears surrounding the pandemic.
Let’s look at some of the dangers of remote access, and the steps organisations should take to mitigate them.
Online work increases cyber security risks
Without the security protections that office systems afford us – such as firewalls and blacklisted IP addresses – and increased reliance on technology, we are far more vulnerable to cyber attacks.
The most obvious risk is that most of our tasks are conducted online. After all, if something’s on the Internet, then there’s always the possibility of a cyber criminal compromising it.
They might attempt to do this by cracking your password. This could be easier than ever if you’re reusing login credentials for the various online apps that you need to stay in touch with your team.
Meanwhile, according to CISO’s Benchmark Report 2020, organisations are struggling to manage remote workers’ use of phones and other mobile devices. It found that 52% of respondents said that mobile devices are now very challenging to protect from cyber threats.
You can find more tips on how to work from home safely and securely by taking a look at our new infographic.
This guide explains five of the biggest risks you and your organisation face during the coronavirus crisis.
Alternatively, attackers could send phishing emails that are intended to trick you into either handing over your details or downloading a malicious attachment containing a keylogger.
The dangers of phishing should already be a top concern, but things are especially perilous during the coronavirus crisis.
A recent report found that there has been a 600% increase in reported phishing emails since the end of February, with many of them cashing in on the uncertainty surrounding the pandemic.
Organisations should also be concerned about remote employees using their own devices.
This might have been unavoidable given how quickly the pandemic spiralled and the suddenness of the government’s decision to implement lockdown measures.
Still, where possible, all work should be done on a corporate laptop that’s subject to remote access security controls. This should include, at the very least, 2FA (two-factor authentication), which will mitigate the risk of a crook gaining access to an employee’s account.
This ensures that the necessary tools are in place to defend against potential risks, such as anti-malware software and up-to-date applications.
It also gives your IT team oversight of the organisation’s IT infrastructure and allows it to monitor any malicious activity, such as malware and unauthorised logins.
Control the risk
Any organisation with employees working from home must create a remote working policy to manage the risks.
If you don’t know what this should contain, our Remote Working Policy Template provides everything you need to know.
It includes guidance on storing devices securely, creating and maintaining strong passwords, and an acceptable use policy for visiting websites that aren’t work-related.
Organisations should also explain the technical solutions that they’ve implemented to protect sensitive data and how employees can comply with them. For example, we recommend applying two-factor authentication to any third-party service that you use.
Although it shouldn’t be a concern during the lockdown, your remote working policy should also address the risks that come with employees handling sensitive information in public places.
For example, when business goes back to normal, staff may well use company devices in places such as trains and cafés, where opportunistic cyber criminals can lurk without drawing attention to themselves.
Security incidents are just as likely to occur even if there isn’t a malicious actor. Consider how often you hear about employees losing their laptop, USB stick or paperwork.
Coronavirus: your biggest challenge yet
Disruption caused by COVID-19 is inevitable, and you have enough to worry about without contending with things like cyber security and compliance issues.
Unfortunately, cyber criminals have sensed an opportunity amid the pandemic, launching a spate of attacks that exploit people’s fear and uncertainty.
It’s therefore more important than ever to make sure your organisation is capable of fending off attacks and preventing data breaches.
To help you meet these challenges, we’ve put together a series of packaged to solutions tailored to these turbulent times. Meanwhile, most of our products and services are available remotely, so we don’t need to be on-site to carry out things like security testing.