When the global pandemic forced millions to work from home, IT and security teams had to quickly find ways for employees to access the business network and data. While many turned to secure VPN access using company-issued laptops, many workers rely on home computers, smartphones and tablets.
Multiple endpoints put data at risk in any situation. And, long-term remote work makes security an even more significant challenge as it becomes more difficult to identify at-risk data and other security incidents.
Workers easily overlook security best practices during remote work, which increases the risk of data compromise and misuse. With families locked down together, an employee may share a laptop with a child for online classes. While a business-owned device should have security software and up-to-date apps and operating systems, a personal device may not be equally secure, leaving any personal data on the device vulnerable.
For example, many consumer-grade Wi-Fi routers sacrifice security for ease of use. Wireless routers with Wi-Fi Protected Setup (WPS) ship with an eight-digit PIN for simple setup, but these routers with WPS are vulnerable to hacking.
Even VPNs can add risks to the data if the company relies on legacy systems that are complicated to deploy and, in turn, don’t provide a secure connection to business applications. If the VPN is too difficult for a worker to use, they will likely bypass it for the sake of productivity.
Bad Actors Exploit COVID-19
Cybercriminals know that remote work increases security risks, so it is not surprising that a global pandemic is a new attack vector. Phishing scams are on the rise, for example. Although awareness of phishing scams has improved, hackers prey on the fear surrounding the pandemic as click-bait to malicious ransomware or keyloggers. Or they create fake domains to mimic the World Health Organization, Centers for Disease Control and health department sites to take advantage of the high number of web searches for anything COVID-19 related. These websites steal credentials, credit card numbers and other personal information.
Additionally, malicious hackers capitalize through apps that promise details about COVID-19 spread, contact tracing or statistical information. Again, these apps exist to steal personal data.
Bad actors will not let an opportunity go by without exploitation. They know people are searching for information on unsecured devices where standard threat-warning mechanisms are delayed and the human user’s distress may lead to error and negligence.
Five Tips to Mitigate Risk
Because employees may be working from home for an extended period, business leaders need to develop remote work policies that go beyond attendance, social media usage, conduct, dress code and confidentiality to include strict data protection policies.
Below are five tips to help protect personal data and mitigate risk:
- Avoid unsecured networks – That means avoiding public Wi-Fi, using an upgraded company-provided VPN for all business tasks (including a tutorial and troubleshooting advice) and ensuring home routers have a new, unique password.
- Restrict business data to business devices – Don’t back up company data to personal devices or personal clouds. Data proliferation due to multiple copies of the same data increases the risk of a data breach.
- Prevent unauthorized access –
  - Use secure authentication methods, including multi-factor authentication and strong password requirements. Do not share passwords or store them where others can see them.
  - Always lock your computer, and other business devices, when they are not in use.
  - Remain aware of your surroundings when working. You don’t want unauthorized family members, friends or the person at the next table at the coffee shop looking at your screen or eavesdropping on a phone conversation. Also, don’t let sensitive documents sit on the printer tray.
  - Don’t leave devices unattended in your vehicle, where they are vulnerable to theft.
- Ensure computer operating systems, software and devices are updated – Make sure security software is installed, and up-to-date, on all devices.
- Remain aware of internet scams – Scammers are increasingly sophisticated. It is essential to remain alert on telephone calls, in emails, on social networks and online. Do not open suspicious texts or emails, click on pop-up windows or open attachments from unknown senders.
Even as the world reopens, businesses are still developing strategies to bring workers back into the office safely, and many companies and employees may adopt a more permanent remote work setup. As long as there is remote work, there will be an increased risk of data breaches. Remote workers must remain cautious of suspicious requests, fake websites and malicious apps, and follow company policies to avoid unnecessary risks.
Rob Server has more than 20 years of IT development, management, and support experience across the education, communications, healthcare, services, and software industries. Rob joined Spirion in 2013 as a sales engineer, led the solution engineering team and now serves as Product Manager for Spirion’s two products, Sensitive Data Manager and Data Privacy Manager. Server holds master’s and bachelor’s degrees in management information systems from the University of South Florida Systems. For more on Spirion, visit www.spirion.com.