“The rapid shift from office to remote working has left organisations vulnerable to online security threats. If adequate security measures aren’t implemented on every device or network that connects to the corporate network, bad actors can go undetected,” said Kelly Johnson, Australian country manager, ESET.
“A risk here is that the cybercriminals will wait to attack once the company begins to operate at full capacity again, causing the greatest possible impact,” Johnson warns.
The warning comes as ESET launched a free online remote workforce hub with resources aimed at helping organisations mitigate their cybersecurity risks, with the hub covering topics such as transforming office workers into remote employees and tips for a cybersecure home office, as well as COVID-19 scam updates.
ESET announced that the online hub also includes a step-by-step checklist to help protect businesses regardless of employee location, with advice such as:
Require multi-factor authentication (MFA)
Also known as two-factor authentication (2FA), this is the best defence organisations can implement on all their corporate devices to protect themselves against cybercriminals. 2FA requires a second form of identification, following a password, to reduce the chances of cybercriminals impersonating employees and infiltrating the network.
Require a virtual private network (VPN) for accessing the internal network
A VPN encrypts corporate traffic when employees use a home or public internet connection, ensuring the organisation’s data is protected regardless of the security of the network itself. Businesses must ensure they have enough VPN licenses and capacity to cover the new users.
Use a virtual desktop interface solution if possible
A virtual desktop interface solution lets employees access a virtual machine, located either in the cloud or the business’s data centre, and control it remotely. It can be configured to look exactly like an office-based system. The advantage is that the sensitive data or files exist only on the virtual machine and are never kept on the employee’s home system.
Remind workers to be network-aware and Wi-Fi wary
Organisations have no control over employees’ home networks and other devices that connect to them. It’s important to ensure employees turn off any file-sharing on their work system and ensure their home router or Wi-Fi access point has WPA2 security enabled. Businesses should remind employees never to connect to an unsecured or open Wi-Fi access point that doesn’t require a security key.
Invest in full-featured endpoint security for home workers
Organisations shouldn’t trust the antivirus that shipped with a home system or personal device. A full-featured solution guards against all types of threats, with multiple layers of defence including a personal firewall, protection from malicious websites, and guarding against malware on portable USB drives. Organisations should invest in a business-class endpoint security suite that IT teams can administer remotely.
Require encryption if employees will work on sensitive files
If employees will download corporate files to their personal devices, organisations need to provide them with an encryption solution. Implement a policy that ensures they keep their personal files separate from corporate documents and save the corporate documents to an encrypted folder. Businesses can also enforce that employees save revised documents to the corporate data store, so remote backup isn’t needed.
Instil the habit of logging out
Regardless of where employees work from, businesses should encourage them to log out from the corporate network at the end of each day and whenever they are away from the computer for extended periods of time, such as a lunch break.
Promote patches and updates
Businesses should ensure that all remote workers have automatic updates enabled on all their systems. This means they’re in line with all security measures implemented by the IT department. IT teams should also ensure that the internal environment is up to date, including security-critical items and systems that might remain unpatched because they run 24/7.
Businesses should be mindful of home-connected devices that run Windows 7, as it no longer receives updates. It may be advisable to ban access until the operating system has been upgraded to a supported version.
Provide cybersecurity training for employees
Regardless of how much cybersecurity businesses implement, one of the most critical prevention tools is education. Knowledgeable employees are less likely to fall for scams that are increasingly targeting remote workers. ESET says that cybersecurity training will help employees stay vigilant and aware of current scam trends, “especially considering they don’t have co-workers immediately next to them to consult.”