As originally published in Global Trade Magazine, April 8, 2020
Top 4 Teleworking Vulnerabilities (and How to Mitigate Them)
by Heinan Landa | Optimal Networks, Inc.
Between social distancing guidelines and stay-at-home orders, it’s clear that we’ll all be spending a lot of time at home.
While many of us might normally work from home a day or two out of each week, few firms are used to having all their staff work from home for weeks at a time.
This means that many companies have not implemented security measures that are most appropriate for a fully remote team.
1 – Using personal devices
The laptops and desktops your firm owns are secure. They have up-to-date patching and anti-malware. They have simple but important polices like an automatic screen lock. They’re backed up and might even have hard drive encryption and remote wipe capabilities.
Do the personal devices accessing your data even have anti-virus beyond Windows Defender? Are any running Windows 7, which has been out of support for months?
If a vulnerable machine is accessing your firm data, that data becomes vulnerable.
Best practice is to only allow your people to work from firm-owned equipment. If you try purchasing new equipment today, though, you will probably run into significant delays with manufacturing. Your second-best option is to roll out workstation management software to these personal devices. Your IT team can help with this.
2 – Heightened scam activity
Scammers are having a field day with this pandemic. We’re anxious, we’re distracted, we’re working with new and unfamiliar technologies, and we’re accessing confidential data outside of our secure office network.
In a span of just seven hours, cybersecurity company ESET detected 2,500 infections from malicious emails that played on COVID-19 themes. Phishing emails that appear to come from legitimate sources like the World Health Organization offer links or attachments with information about the spread, face masks, a vaccine—anything that will tempt recipients into clicking and infecting their machines with spyware, ransomware, or otherwise.