As companies across sectors encourage—and even mandate—that their employees work from home to protect themselves and others from the spread of coronavirus, IT professionals are tasked with the increasingly complex and challenging responsibility of cyber safety for employees’ devices and companies’ networks.
Last Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), issued an alert that individuals and organizations are likely to face increased cyberthreats from malicious actors attempting to target weakened network security as a result of more people teleworking.
For organizations that already offer work-from-home options for all or many of their employees, their network infrastructure and institutional awareness are most likely prepared to protect them from outside cyberthreats. But for companies and employees where the option to work from home is new, it is important that IT professionals and individual employees take the steps necessary to prevent attacks.
Infoblox recommends that businesses implement the following guidelines and best practices to ensure the security of their networks and corporate data while employees are working from home.
Develop and communicate clear and consistent cyber safety policies
It is essential that employees have clearly defined IT policies and protocols in place for working from home. These cyber safety guidelines should include, but are not limited to:
- Making sure that employees use only approved devices to access and store corporate data, where possible;
- Mandating the use of strong passwords—at least 12 characters—when accessing corporate networks; and
- Implementing multi-factor authentication—ideally with hardware tokens instead of text messages (which can be spoofed).
Leverage technological solutions for cyber safety
Companies most likely already have a robust security infrastructure in place to ensure the cyber safety of their corporate networks. With users increasingly working from home, the traditional corporate security perimeter has vanished and VPNs are often no longer necessary to get work done. Instead, employees are increasingly using cloud applications, many of which have not been vetted for security issues.
Network managers and security teams need to ensure that technologies used when working from home are ready and secure, including:
- Ensuring that all corporate security products are patched and updated to the most recent version across users;
- Providing a fast, secure, reliable and easy way to protect users, enforce acceptable use policies and ensure business continuity; and
- If they continue to use VPNs, ensuring that they are encrypted, updated and protected with strong passwords and 2-factor authentication; and
- Increasing the monitoring of endpoint, email and remote access security events.
Educate employees about the increased risk of cyberthreats
Above all, employers should make sure that employees are aware of the increased risk of cyberthreats tied to the coronavirus pandemic and train them on how to avoid them, including:
- Alerting employees to expect an increase in phishing attempts and other malware, and to not respond to any emails seeking personal, corporate or financial information;
- Reminding employees that malicious actors often disguise themselves using legitimate-looking email addresses and to verify a sender’s identity before clicking on a link in an email; avoid clicking on links in unsolicited emails; and to be wary of email attachments (for example, malicious actors are using fears of coronavirus to distribute the LokiBot malware);
- Teaching employees how to make sure their work-from-home setup is secure and that WiFi and other devices are properly configured; and
- Re-enforcing with employees the importance of reporting suspected security events.
As networks continue to be more decentralized and more employees take advantage of the benefits of working from home, securing networks from malware and other cyberthreats will remain a challenge. Emphasizing and implementing these cyber safety best practices for working from home will help IT managers ensure that corporate networks remain cyber-safe.