IT departments have been forced to address cybersecurity risks with remote workers in a hurry due to the 2019 Novel Coronavirus pandemic that has seen large sections of the workforce forced into working from home.
The International Workplace Group conducted a study in 2019 and found that 50% of employees spend at least half of the week working remotely, and 70% of workers spend at least one day each week working from home. The 2019 Novel Coronavirus pandemic has increased that percentage considerably. Many companies have all but closed down their offices and have told their employees they must work from home.
While this is an important strategy for ensuring the safety of the workforce, there are many cybersecurity risks with remote workers and IT departments will find it much harder to secure their systems, protect confidential data, and quickly respond to security incidents.
One of the biggest problems for IT departments is the speed at which changes had to be made to accommodate a massive increase in remote workers. There has been little time to prepare properly, provide training, and ensure the cybersecurity risks with remote workers are all addressed.
Cybercriminals are Targeting Remote Workers
The massive increase in remote workers due to the 2019 Novel Coronavirus pandemic has given cybercriminals easy targets to attack, and unsurprisingly remote workers are being targeted. Remote workers are seen as low hanging fruit and attacks are far easier than when workers are in the office.
Several phishing campaigns have been detected targeting home workers that attempt to obtain email and VPN credentials. These phishing attacks are likely to increase considerably over the coming weeks and months. Attacks on VPNs have also increased, with cybercriminals exploiting unpatched vulnerabilities to steal credentials and gain access to corporate networks.
Campaigns have been detected spoofing Zoom and other videoconferencing platforms. According to Check Point, there have been 1,700 new Zoom domains registered in 2020 and 25% of those have been registered in the past two weeks. Other videoconferencing and communication platforms are also being targeted.
Addressing Cybersecurity Risks with Remote Workers
The massive increase in the number of employees working from home has increased the attack surface dramatically. Laptops, smartphones, and tablets are remotely connecting to the network, often for the very first time. It is essential that al of those devices are secured and data is appropriately protected.
Any device allowed to connect to the network remotely must have the best security software installed to protect against malware. Devices must be running the latest versions of operating systems and patches need to be applied promptly. Some studies suggest that it takes companies around 3 months on average to patch vulnerabilities. For remote workers, patching needs to be accelerated considerably and, ideally, software and operating systems should be configured to update automatically. Computers used by remote workers must also have firewalls enabled.
Ensure Home Routers are Secured
With many countries in lockdown and people being told not to leave the house, one of the biggest problem areas with remote working has been solved. The use of unsecured pubic Wi-Fi networks. When remote workers connect to unsecured public Wi-Wi networks, it is easy for cybercriminals to intercept sensitive corporate data, steal login credentials, and install malware. The Novel Coronavirus pandemic has seen remote workers abandon coffee shops and public Wi-Fi access points and stay at home; however, home Wi-Fi networks may be just as vulnerable.
Home workers will connect to the internet through consumer-grade routers, which will be far less secure than the office. Home Wi-Fi is often poorly secured and many devices that connect to Wi-Fi will have scant security controls in place. Remote workers must ensure that their home Wi-Fi network is protected with a strong password and that routers have WPA2 enabled.
Ensure Remote Workers Use a VPN and Establish a Secure Connection
It is essential for remote workers to establish a secure connection when accessing work resources and the easiest way to do this is with a virtual private network (VPN). A VPN client should be installed on all devices that you allow to remotely connect to the network.
Several vulnerabilities have been found in VPNs over the past year, and even months after patches have been released by VPN solution providers that patches have yet to be applied. Patching VPNs can be difficult when they are in use 24/7, but prompt patching is essential. There has been an increase in cyberattacks exploiting vulnerabilities in VPNs in recent weeks. In addition to ensuring the latest version of VPN clients are used and VPN solutions are patched quickly, training must be provided to remote workers to ensure they know how to use VPNs.
Ensure Multifactor Authentication Is Enabled
Strong passwords must be set to prevent brute force password guessing attempts from succeeding, but passwords alone do not provide sufficient protection for remote workers. You must ensure that multifactor authentication is enabled for all cloud services and for email accounts. If credentials are compromised in a phishing attack, it will not be possible for the credentials to be used to access accounts and sensitive data without another factor also being provided, such as a one-time code sent to an employee’s cellphone.
Security Awareness Training for Remote Workers
IT staff will be well aware that even the best security defenses can be breached as a result of the actions of employees. Employees are the weakest link in the security chain, but through security awareness training risk can be significantly reduced. Most companies will provide security awareness training to staff as part of the onboarding process, and often refresher training sessions will be provided on an annual basis. Consider increasing training for remote workers and conducting training sessions far more frequently.
The purpose of cybersecurity awareness training is to teach employees the skills they will need to recognize and avoid threats and to change the mindset of workers and create a culture of cybersecurity. Best practices for cybersecurity must be taught to prevent employees from falling prey to cyberattacks when working remotely. Employees need to be made aware of the cybersecurity risks with remote workers, which may not have been covered in training sessions when employees were only working in the office. Training remote staff should now be a priority. It is important to step up training to help remote workers identify phishing emails, spoofing, impersonation attacks, and also to teach remote workers about good IT hygiene.
Protect Against Web-Based Attacks
The dangers that come from the internet should be covered in security awareness training, but not all web-based threats are easy for remote workers to identify. Malicious adverts can be found on all manner of websites that direct users to phishing sites and websites where drive by malware downloads occur. To address cybersecurity risks for remote workers when accessing the internet, a web filtering solution should be deployed.
Cloud-based web filters are the most practical choice as they are easy to deploy, require no software downloads, and do not need to be patched or updated as that is handled by the solution provider. DNS-based filters are the best choice as they will involve no latency, which can be a major issue when bandwidth will be limited in workers’ homes.
WebTitan prevents remote workers from visiting or being redirected to known malicious websites and allows IT teams to control the types of websites that can be accessed on work devices to further reduce risk. Since WebTitan integrates with Active Directory and LDAP, IT teams can monitor the internet activity of all employees and can configure the solution to block malicious file downloads and the downloading unauthorized programs onto work devices.