Corporate Defences Against Potential Cybersecurity Threats From "Working From Home"

Over the past few years, it has become clear that simply trying to block cybersecurity threats is not enough to protect a company. Everyone knows that firewalls and traditional antivirus solutions are inadequate because intrusions are unavoidable. Despite the growing need for cybersecurity, most companies are committed to protecting on-premises network security, but by allowing employees to work from home. We haven't taken enough time to figure out how to protect your company from the threats that arise.

Due to the spread of the new coronavirus (COVID-19), many companies are now instructing or permitting employees to work from home. This created another opportunity for cybercriminals to attack businesses. Companies with a culture of working from home (such as Google) are already prepared for such threats. Companies without a telecommuting culture, on the other hand, are more likely to rely on on-premises network security protocols and are not prepared for the threat posed by employees working off-premises.

Teleworker employees may access and transfer personal information about customers and staff as well as trade secrets. Improper leakage of either information can have a significant negative impact on the enterprise. Leakage of trade secrets can lead to significant business damage or loss.

Teleworking employees may use a personal computer instead of a company-issued computer. In addition, you may choose a straightforward method, such as downloading or storing sensitive corporate material to your personal device, desktop, hard disk drive, USB drive, and cloud file hosting service (such as Dropbox). Enterprises are exposed to cyberattacks by storing materials on personal devices that do not have the appropriate security systems (such as enterprise-approved antivirus software, password protection technology, or secure network connections). Employees need to be reminded that the risk of this is increasing.

In addition, employees who work from home "outside their home" (ie, such as coffee shops with Wi-Fi) are also vulnerable to "physical infringement." This is because laptops and devices can be left unprotected in places where the physical security of the office is not set, such as in a car or coffee shop. In addition, if an employee works in a public place such as a coffee shop, a third party may look at the computer screen and pose a security risk to trade secrets or personal information.

To prevent these threats, companies need to set up "remote work policies" that all employees are aware of and comply with. This policy should include items such as:

• Have all employee devices install enterprise-provided security software and the latest software updates before granting access to remote systems.
• Require multi-factor authentication every time you log in to the corporate portal
• Only allow remote access over VPNs (Virtual Private Networks) with strong end-to-end encryption
• Prohibit work in public places such as coffee shops and public transportation where third parties can see screens and printed materials
• Prohibit the use of public Wi-Fi and direct the use of secure, password-protected home Wi-Fi or hotspots
• Set additional credentials when downloading certain sensitive data
• Allow users to report security issues quickly and easily with an easily memorable email address, such as security@yourcompany.com.

Of course, the transition to the current "working from home" is an urgent task, and it is not feasible to implement all of these steps immediately.

In the future, companies need to be prepared for the associated cybersecurity risks in case another natural disaster suddenly forces all employees to work from home. This requires preliminary planning and further effort.