11 May How We Cyber Protect Our Data and Remote Workforce
By James McGriff
With the COVID-19 pandemic every major business found that the only way to keep production up was to let employees work from home, including government agencies. While this workforce keeps production and revenue flowing, it adds considerable cybersecurity risks to the organization and its private data. With an at-home workforce, users work on their own network and devices while using their own ISP without enterprise-level cybersecurity defenses. Even though IT loses control of devices when users work from home, organizations can still take steps to protect data from hackers.
Integrate Two-Factor Authentication on Business Systems
To help reduce threats from phishing and social engineering, two-factor authentication (2FA) adds a layer of cybersecurity. This is a current project that we are unveiling for all our clients accessing their most critical information on our TransAccess Records platform. Even with the best cybersecurity training, users still make mistakes. They could be busy and forget their training, or they could be a target of a very convincing social engineering attack. An attacker might be able to trick a user into divulging credentials, but two-factor would stop the attacker from being able to authenticate using the user’s account name and password.
A two-factor system greatly reduces risk, but it’s not 100% secure. Users should still be trained to stay aware of social engineering. A good targeted social engineering attack will get the user’s 2FA identification number from the user during the authentication process. In addition, attackers have already bypassed 2FA by intercepting PINs sent in text messages.
Require Remote Wiping Apps on Mobile Devices
Administrators sometimes forget about physical threats, which can also put business data at risk. Users that store business data on their smartphones are at risk of having their devices stolen and data extracted from it. With a remote wiping app, a user or IT worker can delete all data on the device after it’s stolen.
A remote wiping app runs in the background and deletes all data, but users must also have a passcode on the device. It could be hours before the user realizes the device was stolen, and a passcode will stop the attacker from having physical access to the data during this time. Most modern, updated smartphone operating systems will not allow a user to access data without first entering the proper passcode.
Ask Employees to Keep Antivirus and Anti-Malware Applications Updated
Unless you issue company devices, you can’t control the software on a user’s private computer, but you can request that they keep anti-malware software up to date. Users can disable antivirus software on operating systems such as Windows, and this puts their own device at risk. They should be instructed not to disable cybersecurity applications. Not only should these applications always be enabled, but they should be patched every time the vendor deploys a new update.
To help facilitate better anti-malware defenses, the organization can purchase an enterprise license that would cover home devices as well as on-site machines. By investing in cybersecurity, the organization better protects assets from malware downloaded and executed on the user’s device
We can’t protect our data from all attacks, especially with work-at-home employees. However, we can take the proper steps to defend against common attacks and avoid a major data breach from human error. Users are unaware of the numerous ways an attacker can gain access to data, and attackers are aware of the disadvantage to organizations. Social engineering and phishing attacks have increased since companies have more work-at-home employees.
Even with a disadvantage, corporations can train employees to identify phishing and social engineering attacks. By requiring specific services activated and offering software for free, an organization can protect their user devices while defending corporate data simultaneously.