Working remotely has certainly caught on. With improvements in technology, and the threat of COVID-19, many employers are not only encouraging, but requiring people to perform their jobs from home. Cybersecurity is an ongoing concern for workers both in the office and at home.
The major issue is how to maintain data security when employees work remotely. In this article, we will cover some of the leading security risks and how you can keep remote workers and your corporate data safe from cyber attacks.
Cybersecurity Risks of Working from Home
Large networks and databases run by big companies are generally better fortified against cyber attacks. While these seem more tempting to hack, cyber criminals are more often targeting work-from-home systems, as they’re easier to access. Remote workers typically use fewer layers of security for their computers. Hackers can easily access these machines or remotely log into business systems to obtain sensitive information.
These are some factors that increase the risk:
- Lack of Home Network Security: While a home network connection allows access to corporate resources, it often lacks firewalls, VPNs, and other IT defenses. Companies rarely require employees to have these for remote access. Basic antivirus software doesn’t provide an adequate level of protection.
- Use of Multiple Personal Devices: Employees often don’t limit themselves to working on one device. They may use their desktop, laptop, tablet and smartphone at different times. While one device may have better security controls, another may not. The failure to include every device in an enterprise’s password or authentication policy can leave the network vulnerable.
- Increase in Data Sharing: Cybersecurity is often limited due to flaws in the remote employee’s internet connection. Public internet resources are inherently insecure. Company data can be intercepted at many points when, for example, an employee engages in file sharing or sending/receiving emails.
The physical separation between a home office and the corporate IT department creates logistical challenges in providing assistance during a potential attack. This makes it hard to prevent data breaches and other attacks, and to act in time to mitigate their effects.
Cyber Criminal Tactics During the COVID-19 Era
Cyber criminals have evolved their strategies to focus on exploiting remote workers. The incidence of fraudulent emails has been on the rise. Some of the most common tactics being used during the COVID-19 pandemic include:
- Phishing: Personal and business emails used to obtain personal information, such as account numbers and passwords, can enable an attacker to compromise an entire corporate system.
- Malware: The injection of viruses, spyware, adware, ransomware, and other malicious software can damage computers, servers, and entire networks.
- Denial of Service (DoS): An attack that shuts down a computer or network makes it inaccessible by overloading the network address with traffic.
- Man-in-the-Middle (MitM): The attacker eavesdrops on a conversation or impersonates a participant. The exchange of information appears normal but all data exchanged are accessible.
- Password Attack: Hackers try to steal a password by guessing or replacing certain letters and numbers, with an understanding that most passwords are generally weak. Software is often used to test every possible combination.
- SQL Injection: This is a code injection technique in which malicious SQL statements are submitted via entry fields. An attacker then executes queries to access data and web applications and/or make unauthorized modifications.
Work from Home: Best Practices
For companies, strategies that can help include creating/implementing security policies on every device an employee uses. It should be verified that the hardware used remotely has the proper security controls. Other best practices include training employees on basic security techniques, having a disaster recovery and business continuity plan, and purchasing cybersecurity liability insurance.
Remote employees can protect themselves and corporate data and networks by:
- Avoiding Public Wi-Fi: The lack of a firewall between remote workers and malicious actors makes public Wi-Fi insecure. A threat actor may be sitting across from you in a coffee shop. Observers can intercept data on the current network or any network information passes through. Use a personal hotspot, which avoids the public Wi-Fi network, or a VPN that connects with different services and protects traffic.
- Using Only Work Computers for Work: Avoid using your personal computer to perform tasks you forgot to do while working. It doesn’t have the same security measures and your employer’s IT team may be running antivirus scans, updating software, and blocking suspicious activity without you even knowing it. Avoid downloading or synching files if your company provides access to a remote portal.
- Staying Alert: Anyone behind you can see what’s on your screen or what you’re typing. It’s not hard to spot confidential information. Therefore, be aware of your sight lines and who’s nearby. Keep your devices close to you at all times. A malicious actor can swap data very quickly with a USB stick while you’re in the restroom.
- Encrypting Data: If you include sensitive data in an email, use encryption so third parties cannot read it. There are many ways emails can reach unintended recipients. Use your device’s settings to encrypt stored data automatically, so if it’s stolen, information won’t be accessible without an encryption key.
- Maintaining Physical Security: Keep your doors at home locked, don’t leave a work computer in a car, and avoid using random thumb drives. Hackers are known to leave thumb drives lying around, in the hopes an employee will use one and unwittingly do major damage. If you use a public phone charging station, an unknown USB port can transfer data. Use a USB data blocker to prevent this and the injection of malware.
How to Maintain Security When Employees Work Remotely
In addition to establishing a security policy, be attentive to your employees’ needs. Companies with remote employees often provide the right equipment, including a good monitor, keyboard, mouse, and security software. Providing access to a VPN protects information stored on business servers and other assets. Multi-factor authentication is also effective, as it provides more security than one simple password.
Other ways to maintain security include backing up data regularly, installing the latest security updates, and training your staff. Cybersecurity training increases awareness of the various threats they may face. It also informs employees what to do to prevent and act on cyber incidents. Your highly valuable IT assets are better protected when remote workers know how to keep them safe.
Recommended Ciphertex Products
Ciphertex Data Security offers some of the best secure data storage products on the market. If your organization is wondering how to maintain security when employees work remotely, our SecureNAS® is the answer. It provides up to 174.4TB of military-grade data protection and when paired with a Ciphertex-Protect® Encryption Key it delivers FIPS 140-2 Level 3 certified, AES-256 compliant encrypted data protection.
Other secure, high-performance Ciphertex products include a USB-C dual 2.5” SSD device that stores up to 15TB+ of sensitive files, and a USB-C 1TB or 2TB NVMe stick device supporting read-write speeds of up to 2,000 MB/sec. A portable RAID system, the CX-Ranger-E, has full hardware encryption to ensure data security across a remote workforce. The single drive CX-2500 is available with a 2.5” HDD (up to 2TB) or an SSD (up to 7.6TB), connected via USB 3.0.
With up to 18TB of secure HDD storage, the CX-3500 includes AES-256 encryption and requires a digital key token for authentication. It is engineered for the needs of remote workers in many security-sensitive industries, including forensics, media & entertainment, healthcare, government, and military.
Contact Ciphertex Data Security
Our products are ideally suited for businesses with employees working remotely. These solutions are designed to protect data and infrastructures from the newest, most sophisticated security threats. Call us at 818-773-8989 or contact us online for more information or to obtain a price quotation for any of our products.