In the wake of COVID-19, more than 90% of Americans are under stay-at-home orders, according to data shared by Business Insider. To comply with these mandates and help curb the spread of the virus, many organizations are requiring most (if not all) of their employees to work from home.
But while workforces struggle to overcome personal challenges (like household distractions, bored children, and the growing anxiety of life amidst a pandemic), tech leaders and other security-minded professionals are also becoming increasingly concerned about how working from home will impact cybersecurity.
After all, while there’s no such thing as a good time for a data breach, we can all agree this is a particularly awful moment.
To help ensure you’re covering security from every angle, we’re sharing five risks of remote working that you may or may not have considered:
Employees’ Home Wi-Fi Security
We’re willing to bet your employees’ Wi-Fi connections are nowhere near as secure as your corporate network. And, in some cases, they may be sharing connections with neighbors or logging on through an unsecured public network (yikes).
Right now, it’s essential your endpoint security is as airtight as possible. So, while you can’t control the Wi-Fi network they use, you can require employees to use a firewall, VPN, and upgrade to the latest version of your antivirus software.
Make sure everyone understands the risks of non-compliance, and consider training employees on how to beef up their home Wi-Fi security, too.
Unauthorized Communication Devices and Software
“Hmm… I can’t connect to this video call.”
“No problem! Let me set up a meeting on my personal account!”
We hate to break it to you, but this conversation is likely happening within your organization — possibly every day.
When employees encounter issues, they look for quick solutions that will keep them on track and productive. But sometimes those solutions aren’t in the best interest of your organization’s security — like using personal Skype accounts for business calls, or holding team meetings on Twitch (we’ve seen this happening a lot). They may also use unauthorized personal devices to connect, too.
Remind your employees that, even if they’re facing a tech challenge, they should never use unsanctioned devices or programs without first speaking with your IT team.
Much like using personal devices, people also tend to get lax with their password security while working from home — including sharing passwords with their colleagues, even when they know they shouldn’t. In fact, 41% of online adults share a password to at least one account, according to Pew Research. Worse, 39% say they use the same or similar passwords for multiple accounts.
Similar to when encountering other tech obstacles, if someone isn’t able to access a platform or tool because they’ve been locked out or forgotten their password, the first step should be to contact IT. Sharing passwords can increase the risk of account takeover.
Plus, given that not all employees have the same permissions, sharing passwords can mean unauthorized individuals can access sensitive information they aren’t cleared to see or use.
Since the beginning of 2020, coronavirus-related threats have increased substantially — especially phishing attacks. A few common themes include:
Scams disguised as news reports or informational resources
Criminals are exploiting peoples’ hunger for information and sending emails that claim to offer details about the virus or new CDC regulations.
Scams disguised as requests for charitable donations
People are eager to donate and help each other, and these scams claim to be collecting donations on behalf of reputable organizations like UNICEF.
Scams disguised as business requests
Hackers know many people are working from home right now, and still adjusting to handling things virtually. These scams resemble emails from colleagues, asking them to download files.
Keep your employees in the loop on any scams you’ve seen. Remind them never to download attachments or click links from unfamiliar senders, and exercise caution even when they know the sender.
Malicious Inside Actors
Unfortunately, a pandemic that forces people out of the office is the perfect opportunity for inside threats to strike. Employees plotting something nefarious are more likely to steal crucial data when they’re not under the watchful eyes of their colleagues and IT team.
Even if your employees don’t mean harm, they may be living with roommates who do — and inadvertently exposing your company to them.
Unfortunately, firewalls and VPNs won’t stop an employee who already has access to your network.
What You Can Do
When it comes to protecting your organization while employees are working from home, education and preventive tech are only half the battle. What happens if your information has already been compromised? How can you prevent account takeover?
Threat intelligence can help identify if any of your data has been involved in a leak and monitor the deep and dark web to find out when or if it’s been shared among the hacker community. This way, you can reduce the damage and stop hackers before they take control of your accounts or devices.
The risks of remote working aren’t likely to go away — in fact, they’ll likely only become more severe. But by staying aware of threats and where your information is, you can head off attacks and protect your organization.
Interested in protecting your organization with actionable threat intelligence? Request a demo now!