For the foreseeable future, most of us will be working from home. While there is a lot of excellent technology to help us do that there are also security issues to be aware of.
Situations like this are perfect for cybercriminals and they will be looking for the new vulnerabilities in your business's cybersecurity.
To help we have collected the best advice, tips and things to look out for when working from home. By following these tips you should be able to work from home securely.
Advice on how to work from home securely
Plenty of guidance has been released about securely working from home. The Cybersecurity and Infrastructure Security Agency (CISA) released an alert encouraging businesses to adopt a heightened state of cybersecurity.
The CISA encouraged businesses to review the following recommendations when considering remote working:
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
- Alert employees about the expected rise in phishing attempts.
- Implement Multi-Factor Authentication (MFA) on all VPN connections to increase security. If MFA is not implemented, then advise employees to use strong passwords.
- Ensure your test VPN limitations to prepare for mass usage. Consider the amount of bandwidth you will need for all workers to access.
What to track to combat security threats
Suspicious remote access connections
When working from home, a VPN service creates the most secure way of accessing corporate resources, provided that VPN sessions are carefully monitored. IT admins and security managers monitor the logs to detect suspicious VPN connections.
Data access in the cloud
Modern cloud-based storage systems, such as SharePoint Online, play a huge role in facilitating remote work, but they also become especially vulnerable to attack when an entire team of employees is accessing the sensitive data stored there from home.
All too often, users put their convenience over security, and as such they tend to load documents onto personal devices, putting the security of those files into jeopardy.
Privilege escalations in Microsoft Teams
Users in Microsoft Teams are often granted excessive privileges by negligent coworkers, who simply add them to a team to share access to files. While this may appear to be the easiest way to collaborate on projects, it also goes against the principle of least privilege.
Spike in failed activity
Multiple failed attempts by a user to log in or to access files and folders may indicate an insider is trying to access sensitive data without a legitimate reason but it might also be outsiders trying to gain access. Being able to spot such incidents makes you more likely to prevent insiders from harming your critical data.
Excessive access permissions on Sharepoint
The urgent need to shift to remote work exposes a business to increased risk from malicious insiders, who were just biding their time to act. To reduce the number of cybersecurity incidents involving your sensitive data (both stored on-premise and in the cloud), you should ensure your users' access permissions are kept strictly in line with your business requirements.
Other vulnerabilities to be aware of
This isn’t a cybersecurity issue as much as it a general security issue that is easy to overlook. Working from home may require staff to use their printer to obtain hard copies of documents. Make sure people aren’t printing sensitive company projects or financial data and leaving it strewn around the house.
With employees now working from home they will need to access your network. They will most likely be doing this on their own devices. You will need to make sure those devices are clean of any malware or viruses, which would infect your whole network. You will also need to make sure those have tools like anti-virus to make sure they stay clean.
With so many members of staff now working from home your cybersecurity is going to be tested in new ways. By following the advice and tips in this article it should help your employees work securely from home.
If your business is still struggling to get everyone working productively or securely then please let us know and we can help. You can contact us here, or email firstname.lastname@example.org or call us on 01634 52 52 52.