What day is it now after we’ve all been placed on stay-at-home orders?
It’s been at least a couple of months since we first adopted quarantining, self-isolation, and social distancing measures into our everyday lives to try and ‘flatten the curve’ of the COVID-19 virus. Our lives have changed completely, and the economic consequences of the situation are being felt all over the world.
But one of the more overlooked negative impacts of the coronavirus is how hackers and cybercriminals have taken advantage of the situation, leading to a rise in cyberattacks as a whole. Cyberattacks increased by 37% this last month in comparison to last year.
The good news is that major companies have been doing a mostly decent job of making the necessary changes to their security plans to combat the threat of cybercriminal activity. Security leaders at cybersecurity companies in particular have been scrambling both when it comes to educating users about the increased cyber threats of remote work and with enabling larger scale security solutions.
Since the personal, financial, and customer data of your business have never been more vulnerable or under greater threat, it’s important for you to take action to help ‘flatten the curve’ of cyberattacks getting worse during and after the COVID-19 pandemic.
Regardless of whether you’re an employee remotely working for a company or the owner of an online business managing remote workers, there’s probably a lot you can learn from what cybersecurity companies are doing right.
Employees Need To Understand the Risks of Remote Work
Perhaps the single most important policy that cybersecurity companies have adopted, and that online business would be wise to adopt as well, is to teach each of their employees of the risks that come with remote work and strategies to reduce those risks.
Many organizations are now turning to SaaS platforms such as G-Suite, Office 365, Slack, and Zoom. The problem is that these kinds of remote working systems, while usually transparent about the security measures they take, still come with inherent vulnerabilities. Any hacker with the right tools and knowledge can intercept and manipulate data flowing through SaaS systems so long as they have access to the network infrastructure in between the service itself and the user.
SaaS has increased significantly in popularity, to the point that over 80% of online organizations are now using it for the bulk of their software needs. This means that this is not an issue that is going to go away when the COVID-19 pandemic begins to slow down.
With this in mind, there are numerous cybersecurity tips that you can teach your employees that will go a long way to ensuring data safety and privacy. These include:
Ensuring Physical Security of Devices
Physical security of devices is arguably the single most overlooked element of cybersecurity. What’s more is that your company devices are being exposed to even greater risk as employees are physically taking those devices outside of the workplace.
Fortunately, there are a number of strategies that cybersecurity companies use to help protect physical device security and that your business can use as well.
One such strategy is full disk encryption, which will ensure that none of your company’s data is accessible even if a physical device such as a laptop or phone gets stolen. Another is to mandate that employees always stay logged out of devices when not in use, and to use a password manager system that can set strong passwords and then rotate them on a regular basis.
Auditing The Home Environment For Vulnerabilities
Any employee or worker who works for your company should have an audit conducted of Internet of Things (IoT) devices at their own home environment for security vulnerabilities before being allowed to connect work devices.
IoT devices are significantly more vulnerable than you may think, as they are a frequent target for dark web hackers.
An alternative to conducting a security audit would be for your company to mandate a connected home monitoring app for any work-related device that can be connected to the employee’s home network. This monitoring app can point out any devices in that employee’s home network with vulnerabilities (such as outdated software or poor passwords that need to be changed) so you can know what needs to be fixed first before allowing the work-related device to then be connected.
Setting Policies For Connecting To The Internal Network
Last, but certainly not least, your company needs to set clear policies about the steps an employee needs to take before accessing the internal network of your business (even if it’s only email or a cloud-based service).
One such policy should be to only allow an organization-owned device to connect to your internal network, thus ensuring that the device fully falls under the management of your cybersecurity team. This means that no other devices owned by your employee(s) would be allowed to connect.
Another policy should be to require that all remote workers have to use a virtual private network (VPN) to connect to your organization’s internal network. This is especially important for remote workers who will be using public networks.
And even though it may not be a foolproof strategy, a good VPN will make it significantly more difficult for information sent over a public network to be intercepted by a man-in-the-middle hacker. Any VPN service your company uses needs to be installed with an IKEv2/IPsec protocol, because this is easily the most secure encryption protocol currently available for most consumer VPN services.
Finally, require that all employees utilize multi factor authentication in order to access anything on your company’s network. This ensures that only authorized users are allowed access.
You can use physical hardware tokens to create a one time code to grant authorized access as needed at first, but eventually you’ll need to transition over to an app-based system instead, which is also more secure than SMS messaging.
Small businesses and organizations have been impacted in a number of ways from the COVID-19 pandemic, one of which is the drastically increased risk of cyberattacks.
Ultimately, smarter cybersecurity thinking is the number one factor that’s going to help those businesses keep their data safe during and after the crisis. We need to broaden our thinking about how we can create multiple ways to stop a cyber attack and block intruders early on.
Remember, a cyberhacker needs to perfectly execute multiple steps in order to break into a system. Disrupting just one of those steps will put an end to that hacker’s efforts and they’ll move on to an easier target.