Harvard Business Review Contribution.
The COVID-19 health crisis has created many organizational and economic concerns for companies. Those that have opted for remote work due to the pandemic are now facing additional pressure on the security of their networks. Remote employees, whose environments are more exposed than corporate networks, have become prime targets for hackers looking for more accessible entry points to corporate networks.
Remote Work and Amplified Cyber Risk
An estimated 16 million U.S. knowledge workers started working remotely due to COVID-19 as of March 27; that number is likely much higher now. The use of personal devices and Internet connections, coupled with anxiety about balancing work with childcare and other home tasks, has created new vulnerabilities.
This is because home Wi-Fi networks are generally less secure and shared by different users, and the devices connected to them are more vulnerable to malware. Remote working has also encouraged the adoption of applications such as teleconferencing tools that have their own security weaknesses, such as Zoom bombing (the intrusion of malicious individuals into group video calls). Finally, less vigilant remote employees may be more vulnerable to phishing scams that open access to company networks. According to cybercrime statistics, phishing sites increased 350% from January to March 2020. COVID-19 phishing (sending email messages claiming to be from legitimate companies with information about the coronavirus) is on the rise. Cybercriminals especially favor compromised email to obtain sensitive information or commit fraud, taking advantage of the fear and panic experienced by the population during a health crisis, which causes more users than usual to click on infected attachments or links in emails.
Cyber Hygiene Adapted to Remote Work
In response to this change, companies must put protective measures in place to adapt to teleworking.
First of all, it is generally necessary to remind employees of the security policies and practices developed to deal with threats and to empower them to become even more vigilant in protecting their data at “home.”
This involves precautions such as:
- Encryption of data to guarantee its confidentiality.
- Securing connections and devices, for example by choosing a strong password for home Wi-Fi, strengthening authentication with multiple factors rather than a password alone, and using password management platforms to handle complex passwords.
- Regularly updating the system, network, and applications to prevent hackers from exploiting known vulnerabilities.
- Deployment of security software (antivirus software and firewalls).
- Physically securing your computer equipment to limit theft or loss.
- Creating several user accounts (family, professional, personal, etc.) if it is necessary to work on the family computer.
Another precaution is increased vigilance against phishing and social engineering techniques, and caution about sharing personal information such as photos of online meetings and telecommuting tools. Recent research on excessive online sharing has shown that people don't realize how much personal and business information they reveal in their photos, such as pictures of their homes and hobbies, or pictures of internal correspondence and sensitive business web pages visible on their screens, which provide clues to their usernames, passwords, and other information.
Set up a Secure Gateway
To limit their exposure to risk and strengthen the confidentiality, availability, and integrity of their critical data and systems, companies need to implement appropriate measures and tools. Data becomes more vulnerable during exchanges between the remote workstation and the corporate network.
Security professionals recommend three types of actions to limit exposure to cyber risk:
1. Review availability of and limit access to sensitive information while using automated tools to scan devices and applications in order to detect abnormal spikes in traffic or unusual requests.
2. Favor more secure communication through the use of tools such as VPN or the Cloud. A VPN (Virtual Private Network) makes it possible to open a secure tunnel between the workstation and the company network and therefore keeps data private even when shared on public networks. The data transmitted in this way is encrypted, and therefore unusable even if it is intercepted. This is also the case with the Cloud. These platforms, such as the online versions of the Microsoft 365 suite, host business applications on their own servers, relieving pressure on business systems and giving employees more flexibility to access software from home.
3. Ensure a regular backup strategy for critical data, whether through the company server or using specialized applications. Experts predict a resumption of ransomware attacks as soon as businesses reopen. Having operational safeguards will limit the consequences of the incident and ensure business recovery as quickly as possible.
4. Secure individual employees and their devices, whether by providing secure, fully-identifiable hardware on the corporate network or by prioritizing the verification of user identities and devices at various checkpoints with passwords and other authenticators. For Jean-Dominique Nollet, head of information systems security, the use of strong identification or MFA (Multi-Factor Authentication) is the most effective way to ensure the security of the company's infrastructures when employees work off-site. Multi-factor authentication typically combines passwords with other security measures, such as fingerprints or other biometric identifications.
To face the COVID-19 crisis, companies must use the logic of limitation: limiting the risks means limiting the repercussions of the crisis. While an increase in cybercrime has been reported worldwide during the pandemic, preventing the evolution of cyber risk and its consequences remains one of the essential prerequisites for business continuity. Cybercriminals are on the prowl. Taking remote work into account, as well as increased online protection of employees, will help companies stay secure during the pandemic and beyond. In fact, working from home seems to have won over many employees. A study from the State of Remote Report shows that a whopping 98% of people would like to have the option to work remotely for the rest of their careers.
This article has been published in Harvard Business Review France.