Security Market Segment LS
Monday, 06 April 2020 13:13

Warning: Remote working has its security pitfalls Featured


In the effort to keep employees productive and the business running, the rapid switch to remote workplaces during the current COVID-19 outbreak has left public and private sector organisations vulnerable to cyberattacks, according to one global IT security vendor.

“The rapid shift from office to remote working has left organisations vulnerable to online security threats. If adequate security measures aren’t implemented on every device or network that connects to the corporate network, bad actors can go undetected,” said Kelly Johnson, Australian country manager, ESET

“A risk here is that the cybercriminals will wait to attack once the company begins to operate at full capacity again, causing the greatest possible impact,” Johnson warns.

The warning comes as ESET launched a free online remote workforce hub with resources aimed at helping organisations mitigate their cybersecurity risks, with the hub covering topics such as transforming office workers into remote employees and tips for a cybersecure home office, as well as COVID-19 scam updates.

ESET announced that the online hub also includes a step-by-step checklist to help protect businesses regardless of employee location, with advice such as:

Require multi-factor authentication (MFA)
Also known as two-factor authentication (2FA), this is the best defence organisations can implement on all their corporate devices to protect themselves against cybercriminals. 2FA requires a second form of identification, following a password, to reduce the chances of cybercriminals impersonating employees and infiltrating the network.

Require a virtual private network (VPN) for accessing the internal network
A VPN encrypts corporate traffic when using at home or public internet, ensuring the organisation’s data is protected regardless of the security of the network itself. Businesses must ensure they have enough VPN licenses and capacity to cover the new users.

Use a virtual desktop interface solution if possible
A virtual desktop interface solution lets employees access a virtual machine, located either in the cloud or the business’s data centre, and controls it remotely. It can be configured to look exactly like an office-based system. The advantage is the sensitive data or files exist only on the virtual machine and are never kept on the employee’s home system.

Remind workers to be network-aware and Wi-Fi wary
Organisations have no control over employees’ home networks and other devices that connect to them. It’s important to ensure employees turn off any file-sharing on their work system and ensure their home router or Wi-Fi access point has WPA2 security enabled. Businesses should remind employees never to connect to an unsecured or open Wi-Fi access point that doesn’t require a security key.

Invest in full-featured endpoint security for home workers
Organisations shouldn’t trust the antivirus that shipped with a home system or personal device. A full-featured solution guards against all types of threats, with multiple layers of defence including a personal firewall, protection from malicious websites, and guarding against malware on portable USB drives. Organisations should invest in a business-class endpoint security suite that IT teams can administer remotely.

Require encryption if employees will work on sensitive files
If employees will download corporate files to their personal devices, organisations need to provide them with an encryption solution. Implement a policy that ensures they keep their personal files separate from corporate documents and save the corporate documents to an encrypted folder. Businesses can also enforce that employees save revised documents to the corporate data store, so remote backup isn’t needed.

Instil the habit of logging out
Regardless of where employees work from, businesses should encourage them to log out from the corporate network at the end of each day and whenever they are away from the computer for extended periods of time, such as a lunch break.

Promote patches and updates
Businesses should ensure that all remote workers have automatic updates enabled on all their systems. This means they’re in line with all security measures implemented by the IT department. IT teams should also ensure that the internal environment is up to date, including security-critical items and systems that might remain unpatched because they run 24/7.

Businesses should be mindful of home connected devices that run Windows 7, as it no longer runs updates. It may be advisable to ban access until the operating system has been upgraded to a supported version.

Provide cybersecurity training for employees
Regardless of how much cybersecurity businesses implement, one of the most critical prevention tools is education. Knowledgeable employees are less likely to fall for scams that are increasingly targeting remote workers. ESET ESET says that Ccybersecurity training will help employees stay vigilant and aware of current scam trends, “especially considering they don’t have co-workers immediately next to them to consult.

To access ESET’s remote workforce hub click here.


















WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Peter Dinham

Peter Dinham - retired and is a "volunteer" writer for iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments