How Corporates Can Reduce Risk Of Cyber Threats For Work From Home Employees?

How Corporates Can Reduce Risk Of Cyber Threats For Work From Home Employees?

SUMMARY

WFH is now being adopted by many industries and corporates, and even the government encouraging the same

Securing a remote workforce (while also ensuring productivity), is need of the hour

As an IT & Security professional, we need to implement and ensure compliance for all the controls needed

The concept of working from home and remote workforces is not new. However, with unforeseen circumstances of Covid-19, most of the organisations are suddenly forced to practice this work from home culture. This has opened doors for the bad actors and increased the possibility of a spike in hacks and breaches targeting businesses.

Therefore, it has become much more important to review how you are preparing yourself for this challenge? How are you planning to secure your valuable assets, and cope with the increased threat?

The organisations may be aware of the remote working security issues and concerns whether it is – employees using an insecure connection or, while not monitored, possibly expose sensitive data or, fall prey to luring phishing instances etc. But, WFH is now being adopted by many industries and corporates, and even the government encouraging the same, so as to comply with the social distancing measures.

Unfortunately, distressed times of uncertainty are prime time for hackers to launch attacks and we have already started see targeted Coronavirus-themed spam emails and phishing attacks in circulation, such as

  • Malware attacks disguised as sensationalized Covid-19 news or Charity pleas;
  • Coronavirus-themed spam spreading malicious Emotet malware;
  • A global email phishing scam carrying the logo of the WHO;
  • Targeted e-mail addresses to deliver a weaponized Word document embedded with a VBA Script ultimately dropping a new TrickBot variant;
  • Malicious coronavirus map hiding AZORult info-stealing malware etc., and so on.

Apart from phishing and use of malwares, now the latest development is that cyber criminals have developed a malicious software-laced Coronavirus tracking Android app, used as “CovidLock” Ransomware.

How Corporates Can Reduce Risk Of Cyber Threats For WFH Employees?

Therefore, it is imperative that organizations implement business contingency plans that prioritize protecting remote workforces from attacks. Securing a remote workforce (while also ensuring productivity), is need of the hour and there are several measures advised that should be implemented and practiced. Some of the important Guidelines ae below:

  1. Most important is to step up authentication mechanism and management of password e.g., policy around passwords (length, complexity, re-cycle etc.). This helps mitigate password guessing or cracking by a bad actor.
  2. Review the authentication mechanism and management of password. Increase security beyond the traditional password and username combination. e.g., Hardware security keys, Multi-Factor Authentication (e.g., 2FA, OTP, Biometrics, geo-restrictions etc.)
  3. Ensure Endpoint Protection (AV/AM) or EDR (End-point detection and response) is in place and up to date all the time. Adequate policies are in place to enforce the same and not allow users to work around the same.
  4. Ensure use a secure Wi-Fi network at home and avoid public Hotspots or open Wi-Fi. Take help/advise on how to change the password and disable unnecessary ports and configurations.
  5. Ensure Operating Systems and other Applications on Servers as well as endpoints are patched and latest. Automate the updating process as much possible.
  6. Plan adequate safe remote infrastructure; Use secure VPN and end-to-end encryption, for safeguarding data transmission. Use/configure VPN gateway, that extends business firewall rules to the end-user.
  7. Implement specific monitoring rules to detect attacks on remote infrastructure and utilize threat intelligence to detect threat actors targeting COVID-19 related themes.
  8. In addition, from the organization network perspective, incorporate network segregation wherever appropriate, and monitor and control communications at key boundaries.
  9. Also, get it tested by an expert for any vulnerabilities such as an unauthenticated, remote attacker exploiting configuration settings, and eventually organizational data.
  10. Use additional tools and solutions like DLP (Data Leak Prevention) and MDM (Mobile Device Management), to minimize the leakages and misuse of corporate data while working at home.
  11. Modify the Organization security policy (as required) to accommodate secure remote working methods (e.g., disallow external devices/ports, effective password management process etc.).
  12. Finally (most important), conduct refresher awareness campaigns covering phishing and basic IT security hygiene.

How Corporates Can Reduce Risk Of Cyber Threats For WFH Employees?

As an IT & Security professional, we need to implement and ensure compliance for all the controls needed to make remote working safe/secure. As a Risk & Security community it is our responsibility to increase public awareness on the danger of clicking onto any enticing link during these unprecedented times, and in general, be extra vigilant and observant. And (finally), a risk assessment should be performed not only specific to remote access methods but as a good practice, in general.

Note: The views and opinions expressed are solely those of the author and does not necessarily reflect the views held by Inc42, its creators or employees. Inc42 is not responsible for the accuracy of any of the information supplied by guest bloggers.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

How Corporates Can Reduce Risk Of Cyber Threats For Work From Home Employees?-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

How Corporates Can Reduce Risk Of Cyber Threats For Work From Home Employees?-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

How Corporates Can Reduce Risk Of Cyber Threats For Work From Home Employees?-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

How Corporates Can Reduce Risk Of Cyber Threats For Work From Home Employees?-Inc42 Media
How Corporates Can Reduce Risk Of Cyber Threats For Work From Home Employees?-Inc42 Media
You’re in Good company