The year 2020 has brought a wave of changes in the way we live our lives. Handshakes are a thing of the past. Facemasks are now just as essential for leaving the house as wallets, house keys, and mobile phones!
Remote work, and specifically working from home, has also been on the rise in 2020. Even post-pandemic, it's unlikely that we'll see all of the companies who have moved to a remote workforce return to their offices full-time. Many organizations are starting to realize that remote work is the way of the future.
According to a Gartner survey, 82% of company leaders plan to permit their employees to work remotely at least some of the time. In that same survey, nearly half (47%) said they intend to allow employees to work remotely full-time going forward.
With this "new normal" comes a set of new threats to be aware of and safeguard against.
Why Remote & Hybrid Teams Pose a Serious Threat
Hybrid teams, such as when half a team is working out of a physical office, and the other half is working remotely, present an additional risk.
When an entire team works in one location, an employee is more likely to reach out in person to double-check an unusual request. Hybrid teams are often working asynchronously, so they must have an in-depth understanding of the security protocols and procedures to prevent data loss and theft.
1. Implementing Security Awareness Training
Humans are often considered the weakest link when it comes to cybersecurity. While this may be true, employees who are adequately trained to spot threats can also be your most skilled defense.
According to the 2020 Remote Work From Home Cybersecurity Report, cited by KnowBe4, 69% of organizations are concerned overall with work-from-home security risks and 59% see users being security-aware as their most significant security challenge.
Organizations typically have some form of security awareness training in place always. Unfortunately, many of these programs have fallen to the wayside as a result of the sudden necessity of moving all employees to a work-from-home environment.
Understandably, the chaos has forced security professionals and IT directors to focus their attention elsewhere, but employees need security awareness training now more than ever— so prioritize deepening their training requirements.
2. Educate Employees about Social Engineering, Specifically
Of the risks associated with working from home, social engineering attacks are at the top of the list.
The average social engineer is simply a con artist as opposed to a technical genius. Most social engineering attacks don't require the use of advanced technology. Instead, they focus on targeting the weakness that is human nature.
Employees sharing bits of inconspicuous, insider information often gives malicious individuals the exact information they need to infiltrate organizations. Even posting certain information on social media platforms such as LinkedIn and Facebook about an organization can help social engineers in the reconnaissance phase of an attack. Employees should be aware of the types of calls and emails that an attacker may send to gather information about their organization, especially during COVID-19.
3. Put Proper Safeguards in Place
A major misconception among end-users is that they are safe to work anywhere as long as they use their corporate devices. However, the corporate network infrastructure, such as hardware firewalls and honeynets, won't protect users when working remotely or from their homes.
Security professionals and IT staff should implement processes to prevent a single user from fulfilling a potentially harmful social engineering request, such as a wire transfer or direct deposit change.
By implementing a dual-approval strategy or multi-factor authentication, more than one set of eyes must review the request or level of authorization must be made. This type of process increases the chances of a malicious request being flagged before it is completed.
These are just a few suggestions to high-impact remote operations security improvements. While employees may not be protected by physical security equipment outside of the office walls, there are some techniques that businesses can use to protect their employees, such as the following:
- Educating users about two-factor authentication
- Improving password security and management
- Providing instructions for using your company's VPN
- Keeping onboarding and offboarding in mind
Learn more about protecting employees by reading 5 Ways to Secure Your Workforce When Working From Home.
If you are concerned that your remote employees may be at risk, contact Mitnick Security Consulting and learn more about how we can help you stay secure.