We're Safer Working from Home - Our Data is Not

This crisis has caused an unprecedented amount of change to how we work and our dependence upon technology. Although we’re physically safer working from home, and, helping to limit the spread of the virus, our technology is now exposed to new problems and threats.

In March, with the flip-of-a-switch, most organizations had to scramble to find a way for their workforce to continue to be productive from outside their office walls.

Like a fire-drill, people grabbed whatever they could to be able to work from home. In addition, they’ve made use of whatever they had existing in their homes to remain productive.

This is okay, we do what we can to “get the job done,” but now that we’ve adjusted to this new normal let’s start to review some of the fallout.

The scramble to get everyone up and going made things functional, but, now, it’s time to analyze the risk of who is accessing your data, how they’re accessing, and what they’re using to access it with.

Here are a few key problems we’re seeing now with those working remote:

1) What Are Your Team Members Using to Work Remotely

We’re seeing users accessing their company network using VPNs (Virtual Private Networks) from old, outdated devices. These devices are old desktops and laptops that were sitting for some time and not company issued. They’re operating systems are out of date, missing security patches and were not inspected prior to use to ensure they weren’t infected from the beginning.

2) Phishing Attempts Are on The Rise – is Your Team Ready?

Attempts to get your team members to click on links or give access to systems is on the rise globally. Phishing attempts are looking for easy access to networks and your data, and now know that your team members all have a private connection back to your organization’s network. They are also aware that there are less tools to monitor for these threats, and lots of distractions for your team members, making it easier to find a victim and infect the network.

3) Are you Using Dual Factor Authentication?

The key to your house is a good analogy for remote workers, they have the rights and access to your systems and data. Using a dual factor authentication tool will provide another layer beyond their password.

Unfortunately, we’re finding that most organizations are turning off these tools for ease-of-access or have never set them up in the first place. This leaves VPN access and critical applications wide open to access if your user’s password is exploited.

What We Recommend:

1)Know What You’re Team Members are Working On

Ensure your team members are working off of company issued devices, if this is not possible then start to collect inventory of what your users are working off of from home (i.e., model of machine, operating system, etc.). Start to enforce updates through tools or manually updating operating systems if necessary.

2) Require Dual Factor Authentication (2FA)

At a minimum, integrate a two-factor authentication tool for at least your critical access (such as VPN access, etc.) and your primary applications.

3) Use a Security Awareness and Training Tool

To prepare your users what to look for in phishing attempts, implement a security awareness tool. These tools will create phishing attempts to purposely try to trick your users and start to put them on high alert. This will get your team to slow down and not just immediately click on links or open files, but, instead, take their time to inspect what they’re receiving before taking action.

4) Monitor Remote Devices for Threats

Install a tool that will monitor the devices your team members are working on while accessing your data. There are cheap anti-virus tools that will help, but I would recommend a tool that sends this information to a centralized detection system to identify threats before they become a bigger issue.

5) In Summary, Tighten it Up

If you had to loosen your IT security briefly to get everyone up and going, that’s understandable. It’s time now to start tightening back down areas you’re aware of. We’re hearing of firms opening up firewall ports, sharing passwords, and changing normal security restrictions. This worked in a state of scramble, but now these loose ends become potential threats if they’re not addressed.

If you have any questions, we’re happy to help you plan and implement better security for your remote workforce.