The challenge ahead: cybersecurity in times of remote work
The change in the work paradigm triggered by COVID-19 brings about a compelling need to revise the security parameters of corporate networks. What precautions to take.
The COVID-19 pandemic also crushed companies' computer security parameters. Even though remote work was already a growing trend in most parts of the world, the "new normal" forced the migration of millions of users from enterprise networks to home devices, with unsupervised WI-FI networks. Attacks from cybercriminals, as a result, grew in unison with the health emergency which, far from being a bad memory associated with 2020, will have lasting effects.
With COVID-19 still looming over our heads, the challenge towards 2021 includes making a greater investment in cybersecurity and the evolution of remote work environments. A survey conducted in 17 countries by Fortinet, a multinational company devoted to software development and cybersecurity services, has revealed that, by mid-2020, 60% of companies had been the object of an intrusion attempt during their transition to remote work, and 34% had received direct attacks on their networks.
Experts agree that "people working from home get easily distracted and mix work with their personal e-mail and web browsing, which increases the risks in terms of cybersecurity". This threat is increased by cell phone usage: "People who spend a lot of time in remote places depend on their mobile devices, and then the attacks are executed based on immediate responses from communication platforms such as SMS, iMessage, WhatsApp, WeChat, among others”.
According to the report from Fortinet, nearly half of the companies surveyed had invested more resources in VPN and cloud security, whereas 40% had reinforced their IT areas with security specialists. The next two years presume a scenario of even more expenditure in cybersecurity: following the pandemic, at least 30% of companies expect that half of their employees will continue working remotely.
Tips to secure remote access to corporate networks
Training and awareness
Remote work represents a radical cultural shift. Employees must be trained on some basic aspects before beginning to work remotely: what their duties and responsibilities are, what type of actions they are entitled to perform, which threats they can be exposed to and what precautions they need to take before entering a corporate network from a remote location.
The user connecting remotely must do so from a device with advanced protection. Access to the enterprise network must be executed through a device running an up-to-date operating system, with the corresponding security solutions installed. It is not advisable to connect through a family device used to freely browse the web and download any type of application.
A secure connection must be ensured between the remote team and the corporate network. Ideally, a VPN (Virtual Private Network) should be used—this technology is meant to connect one or more computers to a private network through the Internet and offers all the necessary security parameters.
Passwords and roles
Passwords to access a company's devices must be tough to crack: it is necessary to have a multi-factor authentication system (MFA). In addition, rules must be set so that only users who have been granted enough rights can access restricted information.
It is imperative to report and revise the resources of each user who will be working remotely: check their devices' settings, operating system, antivirus software, update monitoring, and so on.
Report and follow any devices joining the network from outside the office: which location they are connecting from, how many times and if they are creating inappropriate traffic. Also, external memories should be avoided to store material. Instead, when there are a great number of collaborators working remotely, it is advisable to process and save the data on the cloud. With no exception, every document downloaded from e-mail accounts must be run through the available antivirus software.
Has your company developed an adequate security protocol? At Awkbit, our experts can help. Get in touch.