As remote work continues to be required during the coronavirus outbreak, organizations face increased security risks. Private networks, personal habits, and malicious agents can all exploit business as well as personal vulnerabilities as teams shift to remote work structures.
Even with the sudden adjustment, security must always be a top priority. Here are several cybersecurity tips for protecting your “virtual office” and remote workforce.
Zoom / Teleconferencing Privacy
With nearly five million people in the US working remote (and even more recently due to coronavirus concerns), most use a video-conferencing platform for meetings, classes and even social gatherings. As these tools take more precedence in staying connected, they become a target for cyberattacks. One of the more popular platforms, Zoom, is under scrutiny for its security and privacy concerns. From its attention-tracking feature to uninvited “Zoom-bombing” of meetings, there’s several ways to increase its security to carry on using the platform safely.
To better keep your data safe, apply updates to Zoom software as they come out, and take advantage of its password enablement feature for setting up and joining meetings. Zoom will generate a random meeting password by default, or you can update the password to one of your choosing. For larger groups like business and education sectors, features like meeting passwords and virtual waiting rooms, can be controlled at an account level to prevent unwanted participants from joining your meeting or webinar.
Ensure any company-owned devices are properly protected with up-to-date antivirus, firewalls, and device encryption. For the many workers will have to use personal networks to get their job done, set up a secure virtual private network (VPN) back to the corporate office to help maintain end-to-end data encryption and secure transmission of your companies data.
A VPN creates a safer, encrypted “tunnel” from the user network (such as public or private Wi-Fi) and across the public internet to access the organization’s network. This prevents any man-in-the-middle attacks that may be lurking over public networks. Determine who on staff needs access to the organization’s entire internal network, and who may just need access to cloud-based services and email.
To take things a step further, utilize a secure DNS service like Umbrella from Cisco to secure end users devices that aren’t on your secure company network. Umbrella does more than just speed up your web browsing. It also ensures DNS requests aren’t for malicious sites or content that may expose your team to any kind of security threat. While it sounds more ‘big brother’ than it is, the intent behind it is rewarding.
As more teams adopt a remote workforce, email becomes one of the most critical communications channels but provides the most common gateways for threats, especially over unsecured or public Wi-Fi networks. Encryption involves disguising sensitive information so that even if someone tries to intercept an email, they can’t interpret the content. If you need help getting started with encryption, I suggest looking at how your email provider already offers encryption support.
To maximize email security, tools like Mimecast are a great layer for businesses to add that are looking to decrease phishing, ransomware, and impersonation attacks. The popular cloud security solution enables easy filtration of emails received from outside the organization or those that appear “phishy”. In the event an employee does fall victim to a bad link or attachment, it can help detect threats and protect against malicious web activity and block inappropriate websites.
This one is obvious but can’t be repeated enough. Regularly updated and strong passwords protect individuals and businesses. Password managers like LastPass are great apps for generating stronger passwords and storing them in an all-in-one secure location. It’s also a great way for securely sharing credentials with anyone on your team who made need access. While password managers and vaults help, passwords aren’t enough these days.
Whenever possible, utilize Multi-Factor Authentication (MFA), which is also known as Two Factor Authentication (2FA) – something you know (your password) and something you have (a security code/device). The strongest form of MFA is with a physical security key like a Yubikey, but as teams look for quick solutions, an application that will randomly generate a 6-digit key like LastPass Authenticator is the next best option. The least secure MFA/2FA method is going to be via SMS or phone call since those have been proven to be spoofable – but is still better than just using a password.
Cybersecurity Best Practices
Being remote means all the more reason to over-communicate, so continue to raise awareness and advocate best practices around cybersecurity risks. Regularly remind employees about the increased security risks when embracing a remote-work lifestyle, and don’t forget to provide guidance on what to watch for when identifying potential threats. Reminders can go a long way in mitigating risk.
Ongoing awareness training and tools like KnowBe4 can regularly test your team in identifying ‘bad’ emails, links, and files. This can help reduce employee error and lower the security risk a remote workforce presents. Additionally, keep IT resources well-staffed. Give remote employees access to contact information for critical IT personnel to whom security incidents can be reported to and that can assist with technical issues.
Keeping people safe it at the forefront for everyone right now, and as cybersecurity threats rise in sophistication and teams take on work remotely, ensure you relook at your organization’s security protocols. Most data breaches are caused by insiders, not outside hackers. By addressing these concerns and regularly reminding your team how to stay safe, you can mitigate security threats and any uneasiness with having your team take on the “virtual office”. We understand the challenges your organization may be facing during this difficult time, and we're here to help. If you have questions or could use an extra hand, let's start a conversation.