As the COVID-19 pandemic forced many companies to act due to shelter in place orders from local governments, many chose to implement remote working protocols.
These remote working procedures, in many cases, lowered operational costs, improved productivity, and enhanced physical safety, but they also played a role in rising cybersecurity attacks because of inadequate implementation.
In fact, the FBI saw cybersecurity attacks soar by at least 300% since the beginning of the pandemic. And security researchers found a significant number of breaches tied to remote workers. One of the most high-profile examples of this was the supply-chain watering hole attack on American information technology company SolarWinds, which allowed threat actors to hit Microsoft, government agencies, and cybersecurity companies. The CEO of SolarWinds, Sudhakar Ramakrishna later verified that an email hack was the attack vector: "We've confirmed that a SolarWinds email account was compromised and used to programmatically access accounts of targeted SolarWinds personnel in business and technical roles.”
Although not every company will attract attention from the type of hackers that targeted SolarWinds, it’s still prudent to implement remote working protocols security with the following tips:
Businesses are rapidly shifting operations to the cloud during the pandemic to improve productivity for remote workers. Making the move with help from the right cloud consulting services can also boost cybersecurity. For example, a cloud security team that offers SOC 2 Type II certified solutions may provide advanced threat detection and automated response measures to proactively stop and remediate attacks before they can bring your operations to a halt. They may also offer managed endpoint protection services to secure every endpoint in your organization.
Your organization could have the most intelligent security solutions, robust network defenses, and the most thorough backup procedures, and it could still be infected by malware like ransomware, spyware, Trojans, worms, or rootkits due to employee error. For example, a spear-phishing email could function as an infection vector when a remote worker downloads a corrupt attachment. Similarly, web-borne exploits from malicious websites that employees visit can help hackers breach security.
That’s why security training is essential nowadays. You can find many free programs on safety procedures for remote employees from colleges or YouTube. However, it's better to invest in the services of a cybersecurity consultant to train staff on best online practices.
Many organizations have loose BYOD (Bring Your Own Device) policies to cut costs. Unfortunately, these policies can be disastrous as its difficult to manage threat vectors on personal devices. The best solution is to invest in company laptops and smartphones for employees with strict usage protocols. Such devices are also easier to secure with anti-malware solutions.
Corporate VPN accounts are an excellent way to help boost security for remote workers. Not only do VPNs create a secure and private tunnel on the Internet that masks a user’s IP address, but they also encrypt data. VPNs can also counter some network security issues.
As threat actors become more sophisticated in their attacks against remote workers, organization leaders must take the appropriate steps to enhance security. Cloud services, cybersecurity solutions, training, and VPNs can all mitigate the risk of a cyberattack on a remote worker.