A remote workforce has sprung up very quickly as businesses take measures to protect employees and customers from the spread of COVID-19. A recent MIT study reported that 34.1% of workers who commuted to work just four weeks earlier were working remotely as of the first week of April 2020. However, the rapid shift from office work stations to home work stations left these businesses with little time to plan for safe and secure remote work.
Known Security Pit Falls of Work from Home
Security pitfalls can develop in any network. However, home offices are particularly vulnerable to security threats such as malware, stolen network credentials, and phishing attacks because:
- Unsecured devices: A home network may include devices such as security cameras, voice assistants, and smart TVs that could be hacked to gain access to the home network.
- Wi-Fi access: Wireless networks are vulnerable to hacking because they do not require a physical connection like a wired Ethernet network.
- Multiple users: Family members, roommates, and even former houseguests may have network credentials stored on their phones, tablets, and laptops.
- Outdated systems: Personal devices used for remote work might have outdated or expired anti-virus software. Likewise, security patches for known vulnerabilities in applications and operating systems might be missing.
Types of Vulnerabilities
According to the Identity Theft Resource Center (ITRC), the number of cyberattacks is expected to explode in 2020 as hackers exploit home work stations. Due to workers’ and employers’ inexperience in remote work, they may fall prey to many conventional attacks including:
- Malware: Malicious software, including computer viruses, can make their way into a business’s network from home offices. This known vulnerability is particularly acute when multiple family members use the same computer to download files and install software.
- Phishing: Phishing attacks obtain legitimate login credentials by sending deceptive or threatening messages. Inexperienced remote workers are vulnerable to phishing attacks that trick them into disclosing their usernames and passwords to their company’s network.
- Ransomware: A type of malicious software, ransomware threatens to delete data or destroy computer systems if a ransom is not paid to the attackers.
- Man-in-the-middle: Data-on-the-move is vulnerable to interception. While some applications encrypt data before transmission, many widely used applications for email and messaging do not.
Other non-malicious vulnerabilities have also surfaced as a result of increased remote work. For example, several security pitfalls in Zoom, a popular video conferencing platform, have been identified. Zoom collected user data and sent that data to Facebook without users’ knowledge. Zoom’s camera and microphone controllers could also be used as a pathway for hackers to gain control of users’ computers. Zoom’s claim of end-to-end encryption proved to be misleading because transmissions could be mined by Zoom and any hacker that intercepted the transmissions.
In addition to security pitfalls, users who do not understand how Zoom works or are lax in their application settings can expose Zoom meetings to “Zoombombing.” Zoombombing occurs when an intruder finds a meeting URL and joins a meeting uninvited. While this security pitfall can be eliminated through a combination of training and configuring users’ security settings, the rush to transition to remote work left many businesses unable to prevent it.
Safe Work from Home with Managed IT
Both malicious and non-malicious security pitfalls can be addressed through careful in-house or outsourced network administration. When network administration is outsourced, it is referred to as managed IT services.
Managed IT services can take different forms, incorporating some, or all, of the following components:
- Policies: Develop policies at both the user level and enterprise level for securing networked devices, controlling access to the managed network, and detecting security threats.
- Training: Train employees in safe computer use. This includes training in the handling and reporting of suspicious emails and files.
- Configuration: Install security software and configure network and operating systems to minimize security risks.
- Maintenance: Patch known security vulnerabilities in applications and operating systems and remove, update, or replace obsolete applications and hardware.
- Monitoring: Monitor the managed network for unusual activity that might signal a lurking threat from malware or an unauthorized user.
- Threat response: Remove threats, investigate the security vulnerability exploited, and secure the managed network so the attack cannot reoccur.
Managed IT services are usually provided remotely. Consequently, network administrators can set up home work stations just as easily as they can set up office work stations. The uniformity and consistency in policies, configurations, and threat handling can substantially reduce your exposure to security pitfalls by eliminating weak points in your network defenses.
Making Up for Lost Time to Secure Work from Home
Cyber attackers are looking to exploit the rush to remote work by stealing valuable data to ransom or sell. Acting proactively to secure home work stations can reduce a business’s exposure to security pitfalls and avoid falling victim to computer intrusion and data loss.
Contact us to learn how managed IT services can secure your entire network, including devices used by employees who work from home.