COVID-19 or the Coronavirus is changing life as we know it. From simple handshakes to finding toilet paper, life has changed tremendously over the past several weeks. One area that is significantly impacted is the rise of remote workers. Companies in every industry are mandating that employees work from their home offices. This sudden shift in the way we work has created a few new potential cybersecurity issues that employees and employers.
Business as usual for the Lazarus Alliance
We want to let our clients and partners know that our business operations are proceeding as normal. We are a remote workforce with employees and partners around the United States and the rest of the world. Our team has been working remotely for a long time and is equipped to continue to do so. The only thing that has changed from our end is that we won’t be attending the usual industry conferences and will be limiting the number of on-site visits to customers, prospects, and partners. Overall, Lazarus Alliance will continue to operate as usual for the foreseeable future, and we continue to look forward to supporting our team, clients, and partners.
The fast shift to working remotely
One of the key measures to reduce the spread of COVID-19 is social distancing, which, for many organizations, means instructing the staff to work from home. About half of U.S. workers have jobs that could at least partially be done remotely, according to Kate Lister, president of Global Workplace Analytics, a research and consulting firm focused on new ways of working. A good share — 43% of workers — telecommute sometimes, but on average only two days a month, according to a 2016 Gallup survey. Just 3.8% work at home at least half the time, a share that’s nearly tripled since 2006, Lister said.
But moving at short notice from a trusted office environment to working remotely can create security risks. Plus, an unfortunate side of the Coronavirus is that online scams and phishing are up. These factors make the new work reality a far different place than just a few weeks ago.
Attackers have been leveraging coronavirus-themed cyberattacks as panic around the global pandemic continues – including various malware attacks involving Emotet and other threats. An APT, for instance, was recently spotted spreading a custom and unique remote-access trojan (RAT) that takes screenshots, downloads files, and more, in a COVID-19-themed campaign. And, the World Health Organization (WHO) has issued warnings about scammers pretending to be the organization.
Home Network Security
With so many new employees working from home, one of the most significant recommendations that employees should do is to make sure your home Wi-Fi is secure. Also, because of all the new phishing and online scams out there right now, it is highly recommended that employees update their home Wi-Fi password and other passwords for personal systems. It is best to try to keep personal online activities and work activities separate. By keeping work and individual activity separate, separate will minimize the risks of running into something malicious online.
What should employers be doing to make sure remote employees are safe online?
As noted above, ask employees to audit their own home environment for vulnerabilities before connecting work devices. There are continual disclosures regarding vulnerable Internet of Things (IoT) devices, and this is an excellent time for employees to act on securing them with strong passwords and updating their firmware/software to the latest versions.
Consider promoting, or even mandating, the use of a connected home monitoring app before allowing work devices to be connected to home networks. The scan or monitoring will highlight devices with known vulnerabilities, outdated software or firmware, or default passwords that need to be changed.
Establish a VPN for remote employees
If you work anywhere using a shared Wi-Fi network– and even if you work from home– using a VPN is integral to online security.
Significant benefits of using a VPN and online security:
- Remain anonymous. When working through a VPN, you are granted a provisional IP address, and nobody can know your actual location.
- Access your files remotely. With a VPN, you can access data from your home desktop without the fear of being watched.
- Avoid bandwidth throttling. Sudden halts on your allotted bandwidth can be frustrating if you are racing to finish an assignment. Avoid them entirely through VPN use.
Remote Working Security Tips:
- Remind employees of the types of information that they need to safeguard.
- Sensitive information, such as certain types of personal data that is stored on or sent to or from remote devices, should be encrypted in transit and at rest on the device and removable media used by the device.
- Company information should never be downloaded or saved to employees’ devices or cloud services, including employee computers, thumb drives, or cloud services such as their personal Google Drive or Dropbox accounts.
- Provide virtual solutions—for example, the use of electronic signatures and virtual approval workflows to ensure continuous functionality.
- Require security software on employee devices and ensure that all versions are up to date with all necessary patches.
- Implement and enforce two-factor or multi-factor authentication (MFA). If you haven’t turned on MFA yet, now is the time to do it.
- Limit employee access to protected information to the minimum scope and duration needed to perform their duties.
- Consider Mobile Device Management (MDM) and Mobile Application Management (MAM). These tools can also allow organizations to remotely implement several security measures, including data encryption, malware scans, and wiping data on stolen devices.
- Keep IT resources healthy and well-staffed. When more employees than average are working remotely, or remote work is new to an organization, IT resources may be strained, and required IT assistance may increase. Now might also be the time to think about using a third-party partner like Lazarus Alliance.
Conclusions
The business world has always evolved, but the recent outbreak of the Coronavirus is increasing the speed of evolution for organizations around the world. Employers need to make sure they are taking the appropriate steps to safeguard critical information and provide employees with the necessary tools to succeed. Employees need to embrace this new reality by preserving their home and workplace environments since they are likely to be the same.
The Cybersecurity experts at Lazarus Alliance are completely committed to you and your business’s success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organizations.
Lazarus Alliance is proactive cybersecurity®. Call 1-888-896-7580 to discuss your organization’s cybersecurity needs and find out how we can help your organization adhere to cybersecurity regulations, maintain compliance, and secure your systems.
[wpforms id=”137574″]