Authored by Stephen Crow, UKFast’s Head of Security and Compliance
The transition to mass home working over the past month or so has offered little time for companies to formulate secure remote-working policies. As a result, threat actors have taken much delight in exploiting common flaws in remote working, and the wave of coronavirus-related cyber-threats is still being experienced across the world.
At UKFast, we’re fortunate enough to have a team dedicated to security and compliance to help the company transition smoothly and safely to remote working, while also providing support and guidance for our customers throughout this challenging time.
The statistics show that more than half of IT and security professionals are concerned about the safety of accessing their corporate networks from outside the office. With home- and remote-working security at the forefront of everyone’s minds, below I’ve highlighted a few ways in which your business can optimise security for remote workers.
Regardless of how your team connects into the office, the process of employees accessing resources needed for the working day must be secured. Crucial steps are:
Zero trust assumes that threat actors are present both within and outside of your organisation’s network. It is a crucial aspect of securing a remote–working setup. Core principles of zero-trust architecture include:
As we’ve seen with a lot of businesses recently, the rush to maintain normal levels of collaboration across teams now working outside of the office often leads to using unsecured communication channels and this can result in data loss. I’d highly recommend implementing a data loss prevention (DLP) strategy. It is a key step to maintaining data protection policies within the office and beyond. Without a DLP policy in place, your business risks data loss or a data breach if sensitive or personally identifiable information is compromised.
Three steps to follow are:
Compliance strategies are often built around office working and may not consider employees or devices leaving the safety of the company premises. If your business does not consider how industry standards will be maintained throughout a remote–working scenario, you risk unintentional non-compliance.
Methods mentioned above, such as DLP, MFA and MDM, all help your business to gain greater control over user and device access to business information, aiding compliance. Other practical steps for maintaining remote working compliance include but are not limited to:
As a new wave of cybercrime takes hold, thanks to COVID-19 clickbait and incorrectly configured remote-working setups, employee awareness must be a top priority within your team. Employees only need to download an infected attachment, click a malicious link, or give attackers one piece of information they need to compromise the security of your entire organisation.
At UKFast, we regularly run phishing campaigns to test the competency of employees. These tests assess the ability of employees to identify and report suspicious emails, links and attachments. Anyone who fails the test – clicks on a malicious link, inputs credentials and so on – is given further training to improve their awareness.
Providing official documentation outlining how your team can follow security best practices, wherever they are, also helps. This should cover:
The importance of employee security awareness has only been reinforced by the increase in cybercrime experienced during global lockdown.
With a dependence on online communications part and parcel of remote working, attackers have really taken advantage of unsuspecting employees via clickbait phishing emails and highly personalised, fake messages intended to steal user credentials and business data.
As DDoS attacks aim to knock company networks offline and halt remote working operations from the top-down, phishing attempts, malware and ransomware continue to be the most significant threats facing remote working teams at user level. Google’s Threat Analysis Group reported a 350% increase in phishing emails from January to March 2020, with 18 million COVID-related malware and phishing Gmail messages detected per day in April.
Overall, there’s never been a more critical time to review and improve your business’ security strategy. We’ve seen a huge uptake in cloud-hosted desktops, virtual desktop infrastructure (VDI) and virtual private network (VPN) solutions as businesses get to grips with the most secure ways to access the office remotely.
As lockdown measures continue to change and evolve on a weekly basis, remote working is fast becoming not just a short-term tactic, but a long-term strategy for businesses across the world. We’ll be continuing to support our customers in whatever way we can as we emerge into the ‘new normal’ over the coming months.
If you want to know more about UKFast’s secure remote -working solutions, speak to an expert today on 0800 953 9903 or head over to our remote working page.