The Rise of Cybersecurity in a Work From Home World
A recent Vistatec/KnowBe4 inspired cybersecurity webinar discussed the increased importance of work-from-home cybersecurity. Major security breaches are becoming increasingly common; the Colonial Pipeline and Republic of Ireland’s health service are recent victims.
The hack of the Republic of Ireland’s IT systems has been described as “catastrophic,” and “stomach-churning.” Healthcare workers in Ireland are having to use paper records while work to recover IT systems continues. A significant number of outpatient services have been canceled due to the cyberattack, and Health Service Executive (HSE) national clinical advisor stated the cyberattack was “affecting every aspect of patient care.”
The Colonial Pipeline Cyberattack shut down the biggest U.S. gasoline pipeline earlier in May, stealing 100 gigabytes of data before locking company computers with ransomware and demanding payment ($5 million was paid to restore the system).
We have also seen a cyberattack against JBS USA, which is the world’s largest meat supplier with more than 150 plants in 15 countries. In this particular case, the company’s backup servers were not affected. As you might imagine, cyberattacks can occur in virtually any industry, no matter how well-protected.
The New Cybersecurity Threat Against Remote Workers
As many as 80 percent of company leaders now plan to allow employees to work remotely at least part-time, 47 percent say they will enable work-from-home employees to do so full-time. This is good for workers and good for employers, but there are cybersecurity risks that must be addressed.
Many security dangers come with a remote workforce—employees rely on home networks and often their own devices. IT departments are less able to help work-from-home employees due to the sheer logistics. At the same time, workers are more vulnerable without office firewalls and blacklisted IP addresses.
Vulnerabilities of Remote Workers
Cloud documents, emails and attachments, instant messages, and third-party services are all vulnerable to cyberattacks. One of the significant threats faced by remote workers is phishing emails. These are scams that look like an actual email from someone you know, or an organization you currently do business with.
The goal of these phishing emails is to persuade you to reply with your personal details or download a malicious attachment that contains a keylogger. Phishing emails have increased more than 600 percent since the beginning of the pandemic, taking advantage of the uncertainty across the globe.
Security awareness training company KnowBe4 estimates that a full 38 percent of untrained users will be susceptible to phishing schemes. They know this because KnowBe4 simulates phishing attacks at companies to determine how vulnerable the employees are, then trains those same employees and runs the simulations again.
The number of employees who were initially susceptible to phishing dropped by 60 percent after 90 days of phishing training, using real-world simulation exercises. Phishing emails have become so sophisticated, it is more complex and challenging for employees to detect, so phishing training is crucial.
Weak passwords are another area of concern for remote workers; when employees safeguard work accounts with weak passwords, disaster can result. Of course, most companies use VPNs, firewalls, and other cybersecurity software to protect remote networks, but if a password is weak, none of that will matter. Further, most of us are creatures of habit, using the same password across many business and personal accounts. This means that once one account is successfully hacked, it’s only a matter of time until others are attacked.
File sharing—very common with remote workers—can be another vulnerable area. Most companies encrypt data stored on their network but may not consider encryption when data goes from one location to another. Think about the level of sensitive data your employees share daily such as company files and client account information. If these files were to be intercepted by a cyberattack, you could find yourself dealing with ransomware attacks and identity fraud for months (or years) to come.
Consider having your employees use Outlook that has features to convert plain text emails to scrambled text, meaning only the intended recipient (with the key) can decipher. Some business phone providers also have features to encrypt and secure voicemail. File-sharing platforms like OneDrive and Dropbox will also encrypt data.
Employees’ home wi-fi networks and personal devices can also create security risks for company data. While most employees know to have antivirus software on their computers and phones, many forget to consider their wi-fi networks and may not have a solid firewall in place for their home network. Companies with the budget should consider providing each remote worker with a firewall to secure the home wi-fi network. If your company cannot offer work laptops to each employee, you should consider Desktop-as-a-Service (DaaS) which transforms a personal device into a work desktop.
What is a Human Firewall?
A human firewall is the actual humans who work for a company who can be trained to recognize and defend against cyberattacks. Some of today’s phishing schemes are so sophisticated that even the savviest employees can be scammed. With training, however, those same employees are an essential line of defense against cyberattacks.
Education is the key to building a human firewall, and a little training can go a very long way. Once you bring all the employees at your company on board, teaching them the ways they will protect the company’s security system, they will play an integral part in protecting your company.
Human firewalls can also be strengthened through multi-factor authentication or two-factor authentication, adding another layer of security in a cyberattack. A multi-factor authentication calls for individuals to secure their accounts by requiring something the employee knows and something they have (a password and their phone or another device).
We have been helping some of the world’s most iconic brands to optimize their global commercial potential since 1997. Vistatec is one of the world’s leading global content solutions providers. HQ in Dublin, Ireland, with offices in Mountain View, California, USA.