August 21, 2022 - Shania Nadine K.
Remote Working: Top 5 Cyber Security Risks and Tips
Working from home or remote working has become a trend that continues to flourish even as the pandemic winds down, as workers prefer to work from home. Aside from increased benefits, working remote also brings risks that employees must face when working in an unsecured cyber environment.
The growing number of companies opening opportunities for their employees to work remotely has seen an increase in malicious exploitations of vulnerabilities in their organizations. Access from unsecured networks, usage of personal devices, sharing of passwords, and lack of cybersecurity awareness are seemingly small actions that give opportunities for attackers to target sensitive information and critical systems.
Wowrack has implemented a hybrid working policy, with some of our employees working fully remote until now. We know a thing or two about the difficulties of securing our infrastructures from these digital attacks. We are also developing advanced features and software for end-users to detect these digital attacks.
Here are the top 5 risks and tips on how to help you in the event a possible cybersecurity exploit might target you while working remotely and how you can prevent them from happening.
Cybersecurity risk #1: Passwords
Using the same password for every account
This increases the risk of getting all your accounts stolen once an attacker manages to log in to even one of your accounts. Getting your accounts stolen could also lead to giving the attacker access to sensitive information.
Using overly simple and obvious passwords
Never make easy-to-guess passwords. This includes your name, username, birthday,12345, qwerty, etc.
Since remote workers often work at cafes, hotels, and public spaces, it is common to want to write down those passwords on post-it notes or loose paper. The problem arises when you happen to forget about it. People who stumble upon your post-it note would have access to your account could take advantage and steal your credentials.
How to tackle it:
- Use a password manager tool
Password manager tools like 1Password and LastPass can help you come up with complex and unique passwords for each of your accounts, and you do not have to write them all down as all you need to do is open their digital vault to view those passwords whenever you need them.
- Never share your password with anyone
This includes your family members, friends, and co-workers, as they might also login using your credentials on their unprotected devices, which as a result increases your account vulnerability to getting attacked by hackers.
- Update your passwords regularly
This reduces your risk of someone else gaining access to your accounts, as someone might find your old passwords when you change or sell your old devices.
- Use Multi-Factor Authentication (MFA)
Setting up Multi-Factor Authentication (MFA) means adding a verification step to sign into an account or make transactions. This makes having only your password inadequate for hackers or attackers to access your accounts. This requires you to enter a one-time password (OTP) in addition to your original password. The OTP can be sent to you via text message, or you can retrieve an OTP via MFA apps such as Google Authenticator, Microsoft Authenticator, or Authy.
Cybersecurity risk #2: Unsecure Networks
Remote working gives workers the option to work from their homes, cafes, libraries— anywhere there is Wi-Fi. Employees access their company’s sensitive information while connecting to the unsecured network. This could result in their connection being vulnerable to what is referred to as a Man in the Middle attacks (MITM), as a lot of public Wi-Fi networks are poorly encrypted or not encrypted at all. This means a perpetrator is actively routing your data— essentially eavesdropping and interrupting your data when you surf the web.
How to protect yourself:
Connecting to a virtual private network (VPN) can help you prevent being the target of a MITM attack. The VPN encrypts your connection in a way that your data will go through the VPN servers instead of the internet service provider. In this process, your IP address is altered, hiding your true online identity from prying eyes.
Nowadays, companies provide VPNs for their employees to utilize. This can only be accessed by their employees as it requires them to insert their username, password, or OTP to be able to use it.
Want to set up or manage a VPN for your company to utilize? Check out Wowrack’s Managed Solutions
Cybersecurity risk #3: Inadequate Security Reviews
A common mistake that many companies still make is not considering their security posture. A company’s security posture is the overall readiness to tackle challenges related to cybersecurity. This includes loss of data due to cyber-attacks, ransomware, data breaches, and other cyber threats. Inadequate review of their security posturing could lead to unreadiness to face the ever-changing landscape of cybersecurity threats. This impacts not only the IT department but the organization as a whole.
How to solve it:
Start developing a habit of regularly reviewing your company’s cybersecurity posture. This way, you can know in which specific areas your company needs to improve to strengthen your cybersecurity posture. If these are implemented properly, it can reduce your cybersecurity risk.
Security services providers can also help provide you with cybersecurity metrics to help you with measuring your cybersecurity posture. They’ll assist in the reviewing process and can help give you insightful advice on how to improve your cybersecurity posture.
Read More: https://www.wowrack.com/blog/security-operations-the-solution-for-modern-cybersecurity-needs/
Cybersecurity risk #4: Ransomware
According to the 2022 Cyber Threat Report by SonicWall, ransomware attacks worldwide have increased by 105% in 2021. Remote workers need to be aware of this trend to avoid falling trapped into phishing emails, as it is one of the easiest ways for attackers to infiltrate the company’s network. Once a company’s system is attacked by ransomware, the company might have to pay a hefty sum to get its data back or to prevent it from being leaked. There is also no guarantee that the company can ever get its data back post-attack.
How to prevent it:
Aside from providing their employees with proper training about how to avoid phishing scams, businesses need to also invest in backup software that can quickly and reliably backup and restore all their data whenever needed. Veeam is an example of backup software that we utilize and offer at Wowrack. Aside from backup software, we also recommend businesses invest in security software that can prevent their employees from clicking on suspicious links or websites before they reach the company’s network or any endpoints even when the employees are not connected to the company’s network, such as using the Cisco Umbrella.
Read More: https://www.wowrack.com/blog/4-steps-to-protect-backup-from-ransomware/
Cybersecurity risk #5: Lack of Cybersecurity Awareness
According to a survey by Unisys in 2021, 61% of hybrid and remote workers claimed that they are cautious about clicking links in text messages, emails, or social applications. However, only 44% are aware of SMS phishing. This shows that there are a lot of remote workers who still lack awareness about cybersecurity.
Parallel to that, in a 2021 survey held by TalentLMS and Kenna Security, it was reported that 31% of companies do not provide cybersecurity training to their employees. Moreover, among those employees who had joined the training, only 39% passed the basic cybersecurity quiz.
How to stay educated:
Companies should regularly provide insightful cybersecurity training sessions for their employees. Employees should also routinely attend and pay attention to those sessions, as this is beneficial not just for the company but also for general knowledge.
In the session, aside from explaining how to avoid phishing messages or links, companies can also explain further how to access the company’s network securely when the employees are working remotely, as well as the do’s and don’ts while working remote to increase the employee’s awareness of the cybersecurity challenges they might face while working remotely.
How Wowrack Can Help You
Need assistance in making sure that your remote workers are accessing your corporate networks safely? We are here to help you in assessing and increasing your company’s security posture. Contact us now for a free consultation with our team. Our team of experts is ready to help you 24/7.