Working from home is becoming increasingly common, unfortunately, so are cyber-attacks.
Security is probably the biggest challenge for IT admins in this regard. Even in normal times (if we recall what that is), it’s common for employees or third parties to log into a company’s IT resources from a remote location. The challenge is multiplied because of the increased exposure to potential cyber intrusion when outside the office.
Cyber-attacks are on the rise. For instance, Infosecurity Magazine highlights a report from Barracuda Networks that email phishing attacks have risen from 1188 in February 2020 to more than 9116 in March. Cyber criminals are taking advantage of the WFH trend. What’s an IT admin to do?
Remote Workers Are Vulnerable
Anyone who connects to the internet may become the target of a cyber attacker. Closed local area networks within the safe confines of the business campus may give a false sense of security, but there are no guarantees. If unprotected, those who have adopted the work from home (WFH) model can be easy pickings for the crafty hacker.
Types of Cyber Attacks
We mentioned the phishing attacks in an earlier post. Links and attachments in emails are an easy way to solicit sensitive information or unleash dangerous viruses. Hackers can launch man-in-the-middle attacks through any unsecure Wi-fi, whether at home or at the coffee shop. Unprotected passwords make a user easy prey for any cyber-criminal with a widely available network protocol analyzer tool like Wireshark.
Increasing Security Awareness
The first tool in the IT admin’s arsenal to combat attacks on remote access users is simple: education. Every WFH employee needs to be aware of the potential for cyber-attacks and how to prevent them.
IT departments should have adequate documentation that describes best practices for security and includes contact information on how to get help in time of trouble. The at-home user should take personal responsibility to secure any IT resources or company data in his possession.
Watch Your Laptop and Use Password Secured Screen Savers
It may seem too obvious to mention, but physical security of any devices used for business purposes is essential. That means employees not leaving their laptop or smart phone unattended in a public venue, even when going to the restroom.
Curious children in the home may want to see what mommy or daddy does, but leaving company files in plain view could result in the accidental loss of data. Oops! A password-secured screen saver could do the trick. If you use personal devices for business, the same physical precautions apply.
Multi-Factor Authentication
It may not be enough to devise a strong password. If you really want to protect access to your applications, it’s a good idea to implement two-factor authentication. You can verify your identity to the computing environment in three ways:
-
Something you have
-
Something you know
-
Something you are
A password is something you know. Many companies now require the input of a short code that is sent to the user’s smartphone (something they have). You can even go so far as to require biometric authentication such as a thumbprint or an iris scan. Using more than one authentication method offers the user a tactical advantage over the hacker.
Backup Your Valuable Data
All-important data should be regularly backed up. It’s the responsibility of the IT admin to make sure that there is a backup system in place. That could mean syncing files on a user’s laptop with a company server. Some businesses may be happy to take advantage of free cloud services like Google Drive, with files syncing to the laptop.
Another great option for backing up valuable data would be with Microsoft 365’s OneDrive, especially if your organization has already grown accustom to other Microsoft products like Word and PowerPoint. As a Microsoft partner we can help find a data backup solution that would best work for your needs.
Whatever the solution, you should never have just one copy of anything. It’s too risky. Hard drives fail. Files get lost or corrupted. And cyber criminals can wreak havoc with stored data at any time.
Keep Your Systems and Software Updated
Internet browsers and web applications are notoriously vulnerable to security breaches. That’s why Microsoft and other vendors are continually issuing new security patches on software of all kinds. Be sure that all users have the latest, safest software on all their devices. And while you’re at it, keep up on firmware updates too. That’s another possible target for attack.
Remote Working Made Secure With VPN Software
All users should be connecting to the internet through a secure connection. Commercially available virtual private network (VPN) software is available from a variety of sources. And there are simple off-the-shelf versions that work just as well.
The IT admin should do his homework to find the best solution, but don’t neglect this important aspect of remote access security. It’s especially important when users log in from public places like restaurants, cafes, and airports.
Prepare for the Worst
There’s a whole discipline that applies to information technology and other areas that focuses on how to keep a business going when everything goes wrong. Business continuity (BC) is often associated with disaster recovery (DR), but it also applies to problems related to cyber-attacks.
Whether targeted or company-wide, incidents of cyber-crime can make it impossible for users to work. With proper backup, redundant systems and data centers, and a fully developed business continuity plan that also includes voice and collaboration tools, users can rest assured that they can continue their tasks uninterrupted.
Make Cyber-security a Priority
Advances in technology continue to make working from home easier and more user-friendly. But neglecting the security aspects of remote access can result in unimaginable loss to businesses, and possibly career problems for those involved.
It’s up to IT professionals to help and advise remote workers on best practices in network security. Someone needs to take ownership of this issue in every company. And every user should accept responsibility for security for themselves. Cyber attackers are working round the clock, and we all need to be on our toes.
If you’d like to learn about our IT professional services and network consulting, please contact us here.
If you enjoyed this article you may also enjoy:
Suellen Meyers: December 21, 2023
