Most employers have always preferred onsite employees to ease management, communication, and collaboration. A decade ago, less than 10% of the American workforce telecommuted or worked remotely at least one day a week. And in most cases, these workers were primarily managers and white-collar professionals.
The COVID-19 pandemic has turned the way we work upside down. The World Health Organization (WHO) continues to advise people to maintain social distancing to curtail the spread of the disease. For this reason, many businesses have instructed their employees to work from home.
While the remote office has numerous benefits, this new world of telecommuting also comes with serious security risks that have the potential to jeopardize highly sensitive business information.
According to a recent report by Tessian, 48% of employees admit to being less likely to observe cybersecurity procedures while teleworking. Additionally, 52% of employees say they think they can get away with risky practices while at home, such as sharing data via email rather than through more trusted channels.
About half of the respondents see cybersecurity policies as an obstacle to productivity, compelling them to cut corners to work more efficiently. Other cybersecurity risks that are linked to working from home include:
These issues can compromise cybersecurity protocols and bring your organization to its knees in the event of a breach.
How do you prevent sensitive business information from falling into the wrong hands? Let’s take a look at three common ways cybercriminals exploit companies that rely on a remote workforce, and what you can do to help prevent it.
Working from home increases the use of email in communication, which has recently led to a spike in phishing attacks. Cybercriminals posing as public health agencies or government organizations are sending emails about COVID-19 embedded with malicious attachments or links.
The emails look legitimate, and they may include branding or logos of the impersonated organizations. If the hackers succeed, they can take control of an unsuspecting victim’s computer.
Train your employees to identify phishing emails with these tips:
If you open a suspicious email, update and run your security software, change your login credentials, and inform your credit card company or bank.
In most cases, network setups at home don’t match the cybersecurity level available in corporate networks. Companies rarely enforce their recommended cybersecurity policies in residential settings. Hence, there is a high risk of information breach or theft of the credentials used to access the organization’s system.
Companies can reduce cyber threats by insisting that employees exclusively use virtual private networks (VPNs). Employee training on standard cybersecurity measures, such as protecting their devices with firewalls, antivirus software, and intrusion prevention systems, can help. Workers should be encouraged to use secure passwords and change them frequently.
People who work from home often use multiple devices to access corporate information and complete tasks. Every device used is another potential entry point into the organization's system. For instance, using a personal smartphone with inadequate security controls to access the corporate network is hazardous.
To prevent this, companies should consider supplying employees with secure devices to use away from the office. Otherwise, develop cybersecurity guidelines to govern the use of personal devices for work-related matters.
The new Cybersecurity Maturity Model Certification (CMMC) standards are designed to help contractors protect sensitive information when working with the Department of Defense (DoD). All companies that do business with the DoD will need to implement CMMC by January 2021 or risk losing contracts.
Coincidentally, these CMMC protocols are beneficial to any organization looking to mitigate cyber threats.
To become CMMC compliant, companies must fulfill the following conditions, among others:
Companies can achieve any of the five levels of certification based on the cybersecurity controls they possess. Level 1 requires basic cyber hygiene, while Level 5 demands advanced controls. The latter means a responsive and adaptable organization with the ability to combat advanced persistent threats (APTs).
Whether you are a DoD vendor or not, CMMC compliance will help augment your cybersecurity posture and protect your organization from cyber-attacks — even in this new age of regular telecommuting.