With cases of the novel Coronavirus (COVID-19) occurring in every single state, companies of all sizes are impacted. The pandemic is forcing many governments to postpone business in order to contain the virus and figure out next steps to combat COVID-19. It’s a sore topic for many who have had to postpone vital functions in lieu of business continuity. Some companies have shuttered their doors for the foreseeable future. Yet other enterprises, in a swift move that has left many shocked, are having employees work from home. Social distancing has become the focal point to lessen the spread of Coronavirus, and employees are logging in from remote locations.
Remote Work Expands the Attack Surface for Organizations
Remote work or “working from home” opens organizations to unique challenges for information security. Remote worksites expand the attack surface. Unless previously considered, working from home can create a more insecure IT ecosystem. Staff working from the office benefit from numerous layers of safeguarding security controls. The margin for error might not be perfect but it can be harder to make a security slip while at the office.
Whether there is a pandemic occurring or not, many people already work full-time from the comfort of their homes or from coffeehouses. This “privilege” can have its disadvantages, due to the increasing pervasiveness of cybersecurity threats. When new attack vectors develop for the company, further plans are necessary to prevent the next cyberattack or data breach. In this article, we’ll give you some of the best practices to help you stay protected online so you can do your job during this Coronavirus outbreak.
6 Best Cybersecurity Practices for Working Remotely During COVID-19 Pandemic
1. Make Sure Your Wi-Fi Networks Are Secure
Using public Wi-Fi networks presents increased security risk and should be avoided as much as possible. If you have no choice and need to access the Internet from a public Wi-Fi location, there is a crucial complication to be aware of: other people have access to the same public Wi-Fi network. If you are not using a firewall, hackers can target your device from across the room. Consider tethering instead, for example through the personal Wi-Fi hotspot on your mobile phone. If you are going to use a hotspot, make sure to follow the product guidelines for hardening your device(s).
2. Beware of Shoulder Surfing
The act notoriously known as shoulder surfing occurs whenever a malicious actor spies on a user, whether it be at an ATM, on an airplane or at a coffeehouse, to gain access to personal, private information. Any attentive onlooker can review the information on your device screen, even as you continue to work. Be aware of the sight lines where a cybercriminal, who is skilled at detecting private, sensitive information, can target you from a distance. Never leave your device unattended. Make sure it is locked up somewhere secure or take it with you wherever you go.
3. Don’t Keep Work Data On Your Personal Computer
Take preventative measures such as using your work computer instead of your personal devices to process data. Organizations, in order to achieve security and compliance requirements, will implement security requirements to ensure your work devices are safe from hacking, tampering or carelessness. Even if you’re tempted to work from your personal computer, realize that it can be a danger for you and the organization.
It is very unlikely that you have implemented the same level of cybersecurity on your personal devices. Your personal devices can also be a liability to your work network, systems and applications. Check with your IT security team to make sure that you are following company policy and best practices and avoid being held accountable for the next data breach.
4. Train Employees on Cybersecurity, Including Policy
Organizations need to be clear on cybersecurity practices and policy by providing education. Implementing new technologies can help, but with each new technology comes new threats. Employees must not only have a basic knowledge of cybersecurity, they must also develop a mentality that is security-minded in all work activities. As part of training, remote work security policy needs to be clearly articulated. Examples of remote work security policies include access administration, personal device use, setting strong passwords and exercising least privilege access to information sources.
5. Educate Your Staff on Coronavirus Scams
The Coronavirus pandemic is alerting everyone about cybersecurity issues. The World Health Organization (WHO) and the U.S. Federal Trade Commission (FTC) have cautioned the public about continuing coronavirus-themed phishing attacks and scam emails. Alert IT promptly when you receive a suspicious email on your work device about Coronavirus “cures.” Organizations should also implement stronger spam blockers and other security measures.
Even more stealthily, Coronavirus scam emails contain information about “how to treat yourself at home if you think you were infected with the virus.” Users clicking on these links are being directed to a malicious website where hackers are stealing their personal and financial information. We can predict that there will be an increase in work-from-home scams.
6. Threat Model Your Attack Surface and Account for Remote Workers
It’s as important as ever to ensure that your data is protected. To make this happen, it’s important for security analysts, developers and CISOs to understand their attack surface, taking into account user access to web, mobile, IoT-embedded devices and networks. Organizations use threat modeling to visualize their attack surface and ensure the margin of error is closer to zero. The company will have a more holistic view of the potential threats and security controls required to prevent a cyberattack from occurring.
ThreatModeler Empowers Businesses to Manage Security Risks Tied to Remote Workers
All-purpose remote work and work from home guidelines on computer and Internet use can help, but we recommend turning to a solution that helps prevent your organization’s next data breach. The practices mentioned above should help employees to tread carefully with business devices and private, sensitive and/or confidential information. However, understanding the attack vectors and the impact they can have on your cybersecurity posture will help organizations to focus on business continuity during trying times. There are a number of security threats that an organization might miss if they don’t threat model.
Through process flow diagramming, ThreatModeler offers detailed information on the potential threats that each component brings to your IT infrastructure. ThreatModeler not only provides an actual visualization of the attack surface, it also delivers the required actions needed to mitigate threats. Learn more about threat modeling with our leading, automated platform by scheduling a live demo. You can also contact us to speak with a threat modeling expert.