Is your remote workforce exposing you to dangerous new security risks
One of the most challenging and unexpected shifts in your organisation’s IT environment has occurred over the past weeks. As COVID-19 has forced many employees to work remotely from home, IT teams have been tasked with quickly facilitating these new remote working arrangements.
While business continuity is a key concern for NZ organisations right now, we also know that keeping data secure is of equal importance. After all, few organisations need to deal with the devastating disruption of a data breach right now.
So, what sorts of risks are organisations exposed to from a remote workforce, and what are the solutions available for keeping our people and data secure?
Having everyone in your organisation under one roof during work hours certainly has its benefits. You can have every employee tethered to a desktop, sitting securely behind your corporate firewall and web content filtering systems.
Currently, your employees may be working from home on a device they share with their family, using only their internet provider’s firewall and a free antivirus program they haven’t updated in months. Yet they’re now pulling various forms of corporate data onto that device and logging into a variety of enterprise applications.
If ever there was a cyber attacker’s ideal target, these remote, unsecured devices are the jackpot. In terms of the tactics that attackers will deploy to capitalise on this lack of defences, they combine traditional methods with new innovations specifically for 2020.
Sophisticated Phishing scams
CERT NZ has outlined a global increase in reports of cyber criminals using the COVID-19 pandemic as an opportunity to carry out malicious cyber activity and trick people into downloading malware or to enter into a phishing website.
Individuals around the world have been targeted by coronavirus-themed phishing emails, with infected attachments containing fictitious 'safety measures'. The email is not legitimate and instead installs malware on the device that is designed to steal personal information.
Security researchers have identified a new campaign where the attackers claim to have a ‘coronavirus map’ application that people can download onto their devices. Instead, the application is malware, designed to steal sensitive information from the device it is downloaded onto, such as passwords.
Widely recognised as one of the leading causes of data breaches, phishing attacks are the type of social engineering attacks that are tailormade for exploiting unsuspecting employees. All an employee has to do is click on one malicious link or attachment, and they’ve allowed attackers to infiltrate their device.
Inadequate Wi-Fi security and weak passwords
When compared to office environments with enterprise-grade security installed across the network, an employee’s home Wi-Fi network will likely have much weaker protocols such as WEP instead of WPA2 or WPA3 for network passwords. This enables hackers to more easily hack into an employee’s network traffic to steal data or install malware.
We also know that home device and application login passwords are likely to be comparatively weaker than they need to be. Once again, cracking these passwords is light work for today’s cybercriminals, and will quickly enable an attacker to gain access to a device, application or portal.
While Virtual Private Networks (VPNs) can be the answer to many of our remote work challenges, when inadequately configured, they can expose our users and data to yet more unseen risks. We see many organisations using legacy VPNs that are no longer fit for purpose in securing users and their devices against the new generation of attackers.
Because they’re often difficult to deploy and configure at short notice, they don’t create the kinds of secure policy-based access we need for on-premise and hybrid cloud applications and data.
At Softsource, we know the only way to create a robust security posture is to secure each of the devices our employees are using. Any other security measure will be pointless unless you can get complete visibility and control over every device within your organisation.
As part of our Desktop as a Service (DaaS) offering in partnership with HP and Intel®, our highly qualified team of IT service providers can ensure your workers' desktops are safely secured, regularly patched and possess the latest protection software to thwart the growing number of threats. Get in touch with us today to find out how we can give you peace of mind for your remote workforce.