Organisations should expect significant cybersecurity fallout from coronavirus within weeks or months, according to the Wall Street Journal. How can overstretched IT teams avoid this, when they’re having to set up whole teams to work from home?
Cybersecurity specialist Webroot back in 2019 outlined a few essential steps to tackle the increased risk posed by digital professionals working remotely – or the homebound knowledge worker or office assistant, for that matter.
First, consider best practice around public Wi-Fi networks. While some staff may have a properly secured home network, many consumers rely on relatively “open” connections with easily discoverable credentials – so it might as well be an airport or public hotspot.
“The massive and unresolved flaw in the WPA2 encryption standard used by modern Wi-Fi networks means that anyone connecting to a public network is putting themselves at risk,” writes Austin Castle, in his piece for Webroot.
That means virtual private networking (VPN) is essential to hide web traffic.
“A quality VPN app is simple to set up on your mobile devices and uses a strong encryption protocol to prevent hackers and other snoops from stealing important personal information such as account passwords, banking information, and private messages. VPNs will keep your data encrypted and secure from prying eyes, regardless of locale,” says Castle.
Ensure the use of strong passwords and multifactor authentication – and don’t forget about the risk of physical theft. Many big data breaches have resulted from the loss of a USB key, laptop or similar on a train or similar. Educate staff not only about the risk, but in how to protect their devices – or, at the least, the data and information they contain.
Remote workers should not only be reminded not to leave devices unattended – but should be using device trackers as well as backing up all data, all the time, in case of loss or theft.
“Devices should have a lock screen enabled, secured with either a pin or a biometric ID, such as your fingerprint. If you believe these efforts have failed and your device is compromised, enabling multifactor authentication on your most sensitive accounts should help reduce the effect of the breach.
“If you cannot recover your device, remotely wiping it will prevent any additional data from being accessed. If you have a device tracker enabled, you will be able to remotely wipe your sensitive data with that software,” he writes.
Ensure a data backup solution can recover any lost files. In addition, educate staff to switch off their Wi-Fi and other connectivity (such as Bluetooth) right after every work session, says Castle.