The sudden shift to remote work turned our previously embedded assumptions about how work should be done upside down — and cybercriminals noticed. With many companies forced to suddenly embrace work-from-home on a condensed timeline, security fell to the backburner because a.) organizations assumed this would be short-lived, and b.) they figured they could circle back to security once everything was up and running.
During this time, we have observed a significant number of malware campaigns, spam campaigns, and outright scams that preyed on the fears and uncertainties of the global population. These ranged from fraud schemes related to economic stimulus programs offered by the U.S. Small Business Administration to the Maze ransomware hacking group attacking a British research company that was preparing to conduct trials of a COVID-19 vaccine. Throughout COVID-19, cybercriminals have continued to capitalize on unsecured work-from-home computing to deliver new malware and test new techniques.
Many company leaders intend to permit remote working some of the time as employees return to the workplace. As we continue to embrace working from home, here are a few tips to ensure you keep your people, data, customers and organization safe.
1. It All Starts at the Endpoint
In simple terms, an endpoint is one end of a communications channel – it’s any device that is physically an “end point” on a network. It refers to parts of a network that don’t simply relay communications along its channels or switch those communications from one channel to another. An endpoint is the place where communications originate, and where they are received. Endpoints can be anything from desktops, laptops, servers, and virtual environments, to IoT devices like wearable fitness devices, printers, smart TVs and even toaster ovens.
Today’s challenge is that everything is digital, and protecting the endpoint isn’t as easy as it used to be. Virtually any device can be connected to your network. And therefore, just as physical items can be stolen or broken, today’s precious assets are increasingly susceptible to cybercrime that seeks to halt business activity, steal data, and steal money – all digitally.
2. Understand What Is On Your Network
Protecting the endpoint is your primary task, but ask yourself this question: do you know how many devices are connected to your network? You may be surprised to learn that beyond traditional endpoints (think desktops, laptops, and servers), most organizations are running completely blind. It doesn’t have to be that way.
You can’t protect what you can’t see, so it’s imperative for organizations to be able to map what is on a network and fingerprint devices to see what is connected — and more importantly, unprotected. With the help of an AI-driven endpoint protection platform, organizations can easily identify and see each and every device connected to the network.
3. Secure Company Devices
Even though employees won’t be working out of the office, it doesn’t mean they’ll necessarily always be working from home. We’re seeing employees take their work with them, whether that means working in a socially distanced park or working out of their hotel on vacation. When choosing to work from any public network, employees are exposing themselves to the risk of potentially exposing company data that resides on their laptop locally.
Here’s a few tips to help keep your company devices secure:
- Make sure all company devices use full disk encryption so that if a laptop happens to get lost or stolen, the data on the device will not be accessible to thieves.
- Use password management so that all accounts on the device require unique login credentials.
- Remind employees to log out whenever the system is not in use, even at home.
While these may seem like basic security practices, it’s always a good idea to remind your employees not to be that Starbucks customer who goes to the counter for a refill while leaving an open laptop on the table.
4. Be Smart When Accessing Company Networks
Providing remote access to your corporate network always increases the risk of your organization’s data getting into the wrong hands. This often happens when employees let their guard down and engage in behaviors they normally wouldn’t at the office, such as using their company device for personal activities.
To better protect your data, use a zero-trust security solution to connect remote employees to your organization’s networks and servers. A zero-trust solution creates a direct connection as if the device were connected to the organization’s LAN. And, don’t be afraid to remind employees that a laptop used at home is still company property, and should only be used by the employee themselves for work-related activities. Any non-work-related activity should be conducted on the employee’s own devices.
5. Beware of Phishing Campaigns and Malware
With the increase in email and other text-based communications to stay connected while working remotely, it can be hard for employees to differentiate what emails and communications are legitimate, and what are not.
As phishing and malware campaigns continue to rise, be sure to remind your employees to inspect links before clicking by hovering over them with the pointer to see the actual URL destination. Another easy way to help your employees protect themselves from falling victim to such campaigns is to use an automated endpoint detection and response security solution that can block malicious content if it is executed by the user.
With the vast majority of the workforce changing its habits, securing the world’s commerce, communications, and precious digital assets has never been more critical. As we embrace our new normal, enterprises can secure work-from-home computers and ensure that all surrounding IoT devices are prohibited from communication with enterprise assets — by having the correct tools and strategies in place to defend every endpoint against every type of attack, at every stage in the threat lifecycle.