In the wake of the coronavirus, many organisations internationally are allowing people to work from home to lessen the risk of contagion, but is this wise from a cybersecurity point of view? While companies generally have a cybersecurity policy in place that governs the use of anti-virus and firewall protection, individuals without any tech knowledge could fall foul of cybercriminals.
I have been an advocate of home working since the mid-1990s when it was called teleworking. I was self-employed and worked on a four-year project for the European Commission. Our virtual company, called Telework Europa, was charged by the EC to examining the then-emerging Internet technologies and how they could benefit the geographically disadvantaged, Eurospeak for those stuck in the back of beyond, away from the main employment areas.
Working From Home Not New
“Working from home or online education programs are not new. However, a large, immediate migration of people from enterprise and university networks that are closely monitored and secured, to largely unmonitored and often unsecured home Wi-Fi networks, creates a very large target of opportunity for cybercriminals,” Chris Hazelton, director of security solutions at Lookout, said. “These users are outside the reach of perimeter-based security tools, and will likely have higher exposure to phishing and network attacks.”
So, how can organisations assist this transition with their employees?
First, Windows 7 and later are not supported by Microsoft and will not have had the latest security patches installed thus providing an open gateway to hackers. Apple devices are generally considered more secure, although there are reported attempts by hackers to crack Apple kit.
Second, get working from home staff to provide your IT department with an audit of the software they have on their computers to provide awareness of insecure software.
Third, educate staff about the dangers of unsolicited emails, particularly using Corvid-19 as a lure, to get people to open them. These phishing scams will plant malware onto the users’ systems.
Third, ensure employees have up to date security software on their computers. Anti-virus and anti-malware providers have facilities for bulk licences. Your IT department will advise you on the corporate AV used by the company, so compatibility is a good idea.
Fourth, the use of a VPN is recommended as this encrypts all traffic from staff home computers, providing an extra layer of security. Do not use free VPNs, these are widely acknowledged to be insecure and have been known to data-mine computers or plant malware. Again, your IT team will provide a list of recommended providers.
Fifth, home wi-fi and mobile devices and connected computers can be accessed by drive-by or close proximity hackers. Get employees to install an app that will inform them of what computers and devices are accessing their home wi-fi and block those unrecognised devices.
Sixth, try and install a high degree of common sense in their home working period as any weaknesses ignored by them could well affect your corporate computer infrastructure.