Physical-Security

The Remote Worker Security Challenge

February 23, 2020
By: Charles Rich, Contributor

 

Is remote working here to stay? According to research by IBM, only 1 in 10 people working remotely as a result of COVIDd-19, are eager to return to the office any time soon.

Sadly, while many people are celebrating changing attitudes towards working remotely, telecommuting itself is giving rise to a myriad of new cybersecurity challenges.

Remote Working is Seeing an Exponential Rise in Business Cyber Attacks

According to this year’s Global Threat Report by VMWare, 91% of businesses surveyed have seen a significant uptick in cyberattacks in 2020. This trend has been confirmed by Interpol, who between February and March identified a 788% increase in malicious domain registrations.

 

 

  • In January and April, Interpol identified 907,0000 malicious emails circulating online connected to the pandemic.

 

  • During the same period, Interpol received 737 reports of major malware incidents.

 

  • Since the start of the pandemic, major cyberattack attempts on businesses have risen from a few hundred each day to over 5,000.

 

As a result of this surge in attacks, Forbes has gone so far as to warn that the most significant cyberattack in history will likely happen at some point in 2020.

 

How is Remote Working Fueling a Rise in Cyber Attacks?

 

Why remote working is fueling a rise in major cybersecurity incidents is simple.

In many cases, businesses have switched to remote working without performing adequate telecommuting security risk assessments. Neither have many businesses had the time to implement standard cybersecurity operating practices for remote workers, or even adequately train employees.

 

There is a Reason Why Most Cyber Attacks Start with Phishing Attempts

 

According to Interpol, rates of phishing attacks have become particularly concerning since the start of COVID-19. Moreover, at present, 59% of all recorded cyberattacks have a phishing attack component. The reason for this is simple.

 

Before COVID-19, cyber attackers were already using social engineering exploits to bypass business cybersecurity defenses. Now, doing so is altogether easy, so long as attackers can target the right individuals.

 

  • Phishing attacks see remote workers targeted with spam emails, URLs, IM messages, texts, and even phone calls, that appear as if originating from employers or trusted third-parties.

 

  • Often, attackers gain enough of the trust of targets to have them unwittingly download malware or disclose sensitive information like secure database passwords.

 

  • After penetrating business security perimeters, attackers start observing businesses discretely, before stealing sensitive data and/or compromising critical business systems.

 

Under normal (non-remote working) conditions, business IT teams can prevent phishing attacks using spam filters and by closely monitoring in-office network traffic. However, when employees work from home, safeguarding against phishing attacks becomes a lot more difficult.

 

  • Often, employees will run personal email, social media, and software apps, on the same devices they use to work remotely.

 

  • Devices employees use to work remotely are rarely as secure as monitored office workstations.

 

  • Poor cybersecurity awareness by non-tech-savvy employees, make some phishing attacks altogether easy to execute.

 

Mitigating Security Threats with Remote Work VPN Services

Are your employees using their own devices and/or their own home Internet service while working remotely? If so, it is only a matter of time until you suffer a serious hack or data breach.

 

To safeguard against phishing attacks, malware, and data breaches, employees who are remote working during COVID-19, should ideally use office supplied laptops and PC peripherals.

 

  • No device that anyone remote working uses to work should also be used for personal web browsing or running personal software apps.

 

  • Devices that remote workers use should be security hardened by business IT teams with antivirus software, firewalls, and optimized security settings.

 

  • All business employees should receive appropriate cybersecurity awareness training.

 

For an added layer of protection, people who are remote working should also connect to the Internet using a secure VPN.

 

What is a Virtual Private Network (VPN)

Having your employees use a VPN when remote working, is one of the easiest ways for you to protect your company security perimeter from a malicious hack or data breach.

When your employees don’t use a virtual private network (VPN), all the data they send or receive across the Internet is visible to their Internet service provider (ISP). Worse, potentially malicious websites and others with access to home or public wifi networks can also monitor your employees’ activity online.

By comparison, when remote workers use a VPN to connect to the Internet, all data that they send and receive across the Internet is fully anonymized and encrypted.

Key Features to Look for with Business VPN Services

At its most basic, a VPN allows people who are remote working to connect to private company IT networks from remote locations 100% securely. However, to get the most out of a VPN, any VPN you use should do more than just encrypt and anonymize employee web traffic.

 

VPN Kill Switches

To maintain a robust business cybersecurity perimeter, any VPN you use should support kill switches.

Kill switches themselves immediately block devices, users, and individual software applications from communicating with your company servers, when a VPN connection drops or suspicious network activity is detected.

Mobile App Support

As a rule, most remote workers don’t just work online via their laptops or PCs. Throughout the day, your employees might also need to use VOIP or instant messaging apps to collaborate and communicate with coworkers.

To ensure that telephony connections between your office and employees are secure, any VPN you use should be able to secure mobile device access to your network.

DNS Leak Protection         

Out of the box, any VPN your business uses should make sure that all DNS requests get routed through VPN servers, not third-party ISP DNS servers. This will prevent DNS leaks that can reveal sensitive data to third-parties.

Support for Peer-to-Peer File Sharing

 As a business, you need to be 100% certain that no documents, files, or records containing sensitive business information ever fall into the wrong hands. Any VPN you use should, therefore, support peer-to-peer (P2P) network traffic and file sharing.

Remote Access

 In your office, it likely isn’t uncommon for members of your IT team to remotely connect to different workstations when employees require IT support.  As it stands, it should be just as easy for your IT team to do this, even when employees are remote working.

By using a VPN that supports remote access, your IT team can more easily monitor your cybersecurity perimeter and respond to threats in real-time when necessary.

As well as the above, any VPN you use should have a no-log policy that prohibits VPN providers from keeping records concerning how you use their serveries. Thankfully, most VPN services do have no-log policies. However, just like with everything, it will always pay to read any small print.

   Contact G20 for more information on Security Planning: