Optimising cybersecurity for a remote workforce

During the first half of 2020, the necessity to suddenly shift to remote working left many companies little time to prepare for the transition. Hackers used this as an opportunity to capitalise on unprotected networks and cyberattacks have spiked since the start of the pandemic.

There’s no denying that working from home (WFH) has its pros and cons — workers can avoid morning traffic and dial in a conference call in their favourite pyjama bottoms, but can also feel unfocused and isolated.

Whether you love it or hate it, smart working allowed thousands of companies to protect their employees’ health while remaining operational. Unfortunately, COVID-19 is not the only virus they needed to worry about.

No furlough for hackers

The shift to remote working has massively increased hackers’ potential attack surfaces, giving them more opportunities to compromise a business’s security system. A recent survey conducted by Malwarebytes showed that since the start of the pandemic, 20 per cent of their interviewees’ organisations experienced security breaches caused by remote workers’ unprotected systems, and 24 per cent of them faced unexpected expenses as a consequence.

Security agencies both in the UK and the US have also warned companies that an increasing amount of malware is circulating as a direct result of the transition to working from home.

We might be tempted to think that smaller companies with outdated or insufficient protection would be the only victims, but that is by no means true. For example, NHS employees were targeted with more than 40,000 spam and phishing attempts between March and July 2020.

Despite this evidence, the Malwarebytes survey revealed that the great majority of respondents were overconfident in self-assessing their readiness to operate remotely, and underestimated the consequences of major gaps in their security strategies.

Stay safe

In this context, organisations need to pinpoint areas of their IT systems that might need increased protection, as well as train their remote workforce to be on guard against possible cyberthreats.

For example, using personal laptops and home computers instead of corporate devices might increase the risk of cyberattacks. Personal computers don’t offer the same protection as corporate ones — organisations cannot know what kind of antivirus their employees are using on their PCs, or even whether they are using one at all.

Most of the time, personal devices also lack services such as customised firewalls and automatic backup tools that might allow employees to recover data in case of a successful cyberattack. Providing corporate laptops for all employees can be expensive, but in the long run, it could be cheaper than having to deal with the extra cost of repeated attacks.

Home WiFi networks can also be entrance points for malicious software. Compared to corporate networks, those set up for personal use might have weaker protocols, such as WEP instead of WPA-2. Providing thorough training to your employees on how to assess and improve the security of their home networks might be a good solution.

It’s also important to warn employees against using unsecured free WiFi networks in public spaces. Hackers are famous for spying on internet traffic that flows through these networks, in the hope of identifying confidential data that, if revealed, might lead to very serious financial and reputational damage for companies.

Keep it private

Many remote workers use a virtual private network (VPN) as a way to protect their online privacy. This is a good choice, as VPNs encrypt internet traffic and make it undecipherable to third parties who might intercept it. However, VPNs are not risk-free and can be targeted to gain access into corporate networks. If you’re using a VPN, make sure to add an extra security layer by choosing the right protocol. For example, you can switch from PPTP to OpenVPN, which guarantees maximum privacy.

Another tool to protect your sensitive information is, of course, the use of strong passwords. This might sound obvious, but it’s incredible how often employees might use easy to guess passwords, use the same password for a variety of corporate accounts, or leave the remember password function on. Remember that most successful cyberattacks happen by brute force, where hackers try to access corporate networks by inputting as many passwords as possible, usually with the help of bots. Choosing secure passwords and changing them often is the first line of defence.