COVID-19 has changed the way we live, think, work and operate in a way that was never envisioned. Many organizations have now embraced the hybrid model, with employees splitting time between in-office and remote work.
Working from home (WFH), whether full-time or part of the time, offers employees newfound flexibility, but it makes organizations increasingly prone to cyberattacks, with the employees being a weak link between the organization and the hacker. Consequently, organizations need to improve their cybersecurity posture to safeguard their servers, electronic systems, networks, and data from malicious attacks.
What must organizations do to keep secure from cyberattacks as their employees split tasks between the office and their homes, or remain at home altogether? Here are some key considerations:
Implement a WFH policy. Organizations should draft a WFH policy to act as an agreement between them and employees. This realistically describes the expectations of the employer while the employee works from home. It can entail what the employee needs to do to ensure that they are not the source of any attacks.
Incorporate mobile device management. The organization’s IT department should implement policies that secure, monitor and manage end-user mobile devices that are used for Bring Your Own Device (BYOD) to avoid instances in which such devices act as a loophole for an attack.
Multifactor authentication. Employers should use what employees know, what they have and what they are to authenticate them rather than asking for only the conventional username and password. The requirement of additional verification factors provides a much-needed additional layer of security, and fortunately, has become increasingly commonplace.
Utilize non-disclosure agreements. Employers should sign non-disclosure agreements with employees to deter them from sharing company information with family members, housemates and friends since they are vulnerable to shoulder surfing while working at home.
Prioritize security awareness campaigns. Regular training and awareness should be done to keep employees abreast of the various information security threats in this new environment, and the company’s policies and procedures for addressing them.
Implement data leakage prevention (DLP). A data leakage prevention solution should be implemented as a control against leakage of business-critical information. Any private information for the organization should be filtered on the corporate network to avoid any form of leakage.
VPN Access. There should be a secure VPN tunnel between the organization’s local network and the employee. This guards against Man in the Middle (MIM) attacks on the network by providing online privacy and anonymity through creating a private network from a public internet connection.
Cybersecurity should be a top consideration for organizations because of how much they have to lose in the case of a breach, and that reality has only become more apparent with the shift to remote and hybrid workforces as a result of the pandemic. The safety of computer systems, servers and networks should be at the forefront for any organization to enable them to securely achieve their mission and objectives.