At the end of 2019, most organizations wouldn’t be able to imagine the majority of their workforce working from home just a few months later. But as the COVID-19 pandemic spread from country to country, it quickly forced organizations large and small to expand their work from home policies to include as many employees as possible.
This massive migration from offices to houses, apartments, and coffee shops created many new cybersecurity challenges IT departments didn’t need to worry about when employees were working behind the organization’s firewall.
Indeed, 91 percent of all global respondents surveyed for VMWare’s Global Threat Report said they’d seen an increase in cyber-attacks as a result of employees working from home. Since many employees are not going back to the office anytime soon, it’s important for organizations to understand and be able to solve the cybersecurity challenges of remote working.
Phishing scams were responsible for approximately 90 percent of all breaches even before the outbreak of COVID-19, but they were considerably less likely to succeed when employees were using company devices and working from offices.
In recent months, there has been a significant uptick in phishing emails involving money transfers and attempts to impersonate the target’s boss or coworker. Such emails take advantage of the fact that organizations now rely on email communication much more than they used to, and they often succeed because employees are too distracted when working from home to notice anything suspicious.
What’s more, 73 percent of employees have not received remote working cybersecurity guidance, according to a survey of 6,000 employees by Kaspersky, which is especially considering that 27 percent have already received phishing emails related to COVID-19.
To defend themselves against phishing scams, organizations need to invest in cybersecurity awareness programs to help employees understand that irresponsible behavior at home can have far-reaching consequences and even result in an organization-wide data breach. They also need to adjust their remote security policies so that employees don’t feel the need to find workarounds around them just to remain productive.
More Devices More Problems
When employees work from a traditional office setting, they benefit from perimeter-based security controls. Unfortunately, such controls quickly erode when employees leave the office and start working from their homes, often on their own personal devices.
A study from BitSight has recently revealed that home networks were 3.5 times more likely than corporate networks to have at least one malware family. What’s also worrying is that nearly 50 percent of the 41,000 US organizations that provided data for the survey had one or more devices accessing its corporate network from a home network with at least one malware infection.
While it might be tempting for organizations to combat this cybersecurity problem by restricting the use of personal devices, such a solution is guaranteed to negatively affect employee productivity and end up hurting the organization in the long run.
Instead, organizations should implement a mobile device management (MDM) solution to remotely monitor, manage, and secure employees’ mobile devices, such as smartphones, tablet computers, and laptops. A capable MDM solution can alert the IT department of potential threats before they have a chance to become serious problems, giving it plenty of time to react and fix the issue.
Employees who are working from home are frequently required to log in to various internal systems and cloud services, and they often choose the convenience of reusing the same password over the security of unique passwords of sufficient length and complexity.
A 2019 survey by Google identified that 65 percent of people use the same password for multiple or all accounts, and one doesn’t need to look very far to find examples of what password reuse can lead to since 63 percent of confirmed data breaches involved weak, default, or stolen passwords.
To make it easier for employees to use a different password for each account, organizations should equip them with a password manager like Bitwarden, LastPass, or 1Password. In addition to encouraging the use of a password manager, it’s a good idea to introduce another layer of protection by enforcing multi-factor authentication (MFA) when possible.
Within the span of just a few months, remote working has become the new normal across all sectors, and it has created a whole host of cybersecurity challenges that must be addressed for organizations to maintain their cybersecurity posture. The good news is that the solutions for protecting employees working from their homes against the latest cyber threats already exist, and all that organizations need to do is implement them.
Download our free eBook!
Set up a productive, efficient, and secure remote team that can help you run your business anywhere. Download our free eBook today to learn how!