Before the coronavirus pandemic, the way we worked was already changing rapidly. Markets and consumers have demanded businesses become more mobile, more agile.
COVID-19 hasn’t just changed the rules of the game: it’s changed the game itself. Many companies, especially start-ups and tech-focused enterprises have made significant strides in the area of enterprise mobility and the concept of remote working in recent years. However, most industries, especially those considered “traditional” (banking, finance, education, manufacturing) have largely resisted a mass transition towards mobility and remote working and have found themselves flustered at a time when calm is most needed.
Many of these companies were simply not prepared for the sudden need for flexibility and agility imposed upon our society as the virus swept across national and domestic borders. They have been forced into hastily devising a remote working strategy, something which should have been blended into the company’s culture over time.
Employees have been given their laptops or computers to take home and the security of a company’s data and information goes from being protected in one secure place to an arena where the risks are multiplied dramatically. This panic is music to hackers’ ears.
Hackers know only too well that they only need to find one weak link in the security chain in order to do untold damage. Therefore, the responsibility for ensuring the safety of an organization’s data is transferred to each individual employee working from home.
Here we examine the main threats facing remote workers and how they can be tackled:
Securing the foundations: Internet connection points in the home are a key concern when it comes to security when working from home. Therefore, a router security check is necessary especially if on the bottom of the router it says Wired Equivalent Privacy (WEP) connection. The user should contact their technical department or their internet service provider to request a change to Wi-Fi Protected Access (WPA) and assistance in changing the password, if the user is unable to do so alone. In both cases, it is also possible to request a change of password and for the name of the Wi-Fi network to be invisible to others, meaning only those who know the name chosen by the remote worker can connect to it.
Phishing: Imperva define phishing as “a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.” In Verizon’s 2019 Data Breach Investigations Report, they concluded that 32% of data breaches involved phishing. Very often, phishing emails are fairly obvious. Welivesecurity describe how, “They may also have an impersonal greeting – think of those ‘Dear Customer’ or ‘Dear Sir/Madam’ salutations – or feature implausible and generally surprising content.”
They advise users to never click on links in an email to a website unless absolutely sure that it is authentic. If there is any doubt, users should open a new browser window and type the URL into the address bar.
Anti-virus: Along with securing your internet connection, ensuring your antivirus protection is up to date is one of the first security measures to tick off the list. Norton Security detail how “Not every type of cyberattack can be prevented with antivirus software, but it can be a great asset when trying to prevent intrusion into a computer.” They explain how not all attacks lead to the loss of valuable information, but intrusions exploit what they call “vulnerabilities” and that, “Once even the most innocuous of an intrusion exploits a vulnerability, it basically sends a signal to others that this computer has been infiltrated. This opens the door wide open to much worse attacks.”
Third-party threats: Many of those who work from home share living spaces with family or friends and, as often is the way, visitors call over. This shouldn’t make us paranoid, but it should reaffirm the importance of good habits: locking your computer when you are away, safely storing important documents as well as regularly changing passwords.
Internet browsing: When online it’s essential to use a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar) to browse, especially when handling sensitive data. You should never use public, unsecured Wi-Fi when working remotely. When in doubt, use your mobile’s internet connection.
Entrepreneur.com argues there are two types of companies: “those that have discovered security breaches and those that don't yet know they've been breached.”
Data breaches are a fact of everyday life, but that doesn’t mean we should just accept it. The ability to manage the transition to a more mobile way of working while ensuring maximum data security will determine the winners of the digital age in business. Those who proceed with a growth-first, security-second mindset will eventually sink.
According to a study by Gemalto, 66% of consumers surveyed said they wouldn’t do business with a company that had had sensitive information exposed due to a data breach. Therefore, finding the sweet spot between maximum mobility and maximum security is one of the great challenges facing today’s companies who find themselves in uncharted waters.
Businesses need to create a sustainable approach that meets the need to be more agile and flexible without jeopardizing security. Without this, remote working will continue to be viewed by many as an emergency measure, rather than part of the organization’s DNA.