As additional security measures are put in place by governments and organisations worldwide in an effort to slow the spread of COVID-19/coronavirus, employees are increasingly forced to work from home. This rise in remote workers brings to light the potential cyber risks involved. Kaspersky experts reviewed potential cyber threats and explained how to protect employees at their remote workplaces.
While remote work usually brings a lot of advantages – from more flexible schedules to increasing the appeal of an organisation as an employer for generation Z—extra security measures always need to be considered, and in the midst of rather urgent transfers to work-from-home mode, it is not easy for organisations to take into account all risks involved. Once a corporate device is taken outside of a company's network infrastructure and connected to new networks and Wi-Fi, the risks drastically increase. Ransomware, malware infections and corporate espionage are among the threats that need to be considered at all times, but especially, in cases of remote work as insecure Wi-Fi and 4G or 5G connection amplify the risk of infection.
Other risks include the use of personal devices for work purposes, a process that is more likely to take place in conditions of remote work. The popular ‘bring your own device’ appoarch, which allows employees to use their own devices at work, has been adapted by many companies and brought additional risks tocorporations. Phishing via consumer sites can easily infect devices, and, personal devices are also more likely to have outdated software – with potentially unpatched vulnerabilities. Lastly, decentralised IT control and difficulty in tracking and securing devices make the security system more vulnerable.
“Remote workers have been targeted in various ways before. We have seen this with the DarkHotel campaign, which attacked top managers via Wi-Fi; the same can happen to anyone at home with an infected Wi-Fi network. Furthermore, various open-source and free programs that enable remote communication can also be infected. Now, with a massive transfer from offices to work-from-home, we should expect that cyber criminals will rush to attack those who have just become more vulnerable than usual”- Dmitry Galov, security researcher at GReAT, Kaspersky.
“In normal life, almost every second company (50% VSB and 40% SMB) allows their employees to work remotely, according to our report, and today this figure has grown sharply, reaching almost 100% due to quarantine. This means that corporate and personal communications can be mixed as employees use personal devices for work and vice versa. Connecting to a wide range of cloud services,installing software, or using mobile devices can bring new challenges to IT administrators struggling to keep this IT zoo under control and stick to policies. That’s why it is now important to check your readiness to the current cybersecurity challenges and prepare your business for remote work”, says Andrey Dankevich, Senior Marketing Manager, Kaspersky.
Here are some tips to help businesses fill possible gaps in IT security and be prepared:
- Ensure your employees have all thatthey need for secure remote work and know who to reach out to in case of problems with IT and IT security
- Schedule basic security awareness education for employees – it can be done online and cover essential practices for passwords and accounts, email security, pc security, and web browsing
- Take data protection measures: switch on password protection, encrypt devices and complete data backups
- Ensure all devices, software, applications and services are up to date, and keep them updated
- Install proven protection software, such as Kaspersky Endpoint Security Cloud on every endpoint, including mobile devices, and switch on firewall. The protection product should include protection from web threats and email phishing.
- Double check mobile device protection: it should have anti-theft capabilities enabled, such as remote device location, lock and wipe of data, screenlock and password, andFace ID or Touch ID; enable application control to ensure that only white-listed applications are installed
To learn more about securing a remote workplace, read the article on Kaspersky Daily blog post or watch the Kaspersky webinar.
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Learn how to solve the Rubik's Cube with the easiest method, learning only six algorithms.
