The 2020 shift to remote work and its continuation into 2021 has caused a full 180 degrees flip of our previous perception of how work should be done, and cybercriminals noticed. With many companies forced to embrace employees working from home on a condensed timeline, security fell to the back burner for a couple of reasons. Organizations assumed this would be short-lived, and they figured they could come back to security once everything was up and running.
We have observed a significant number of malware campaigns, spam campaigns, and outright scams that preyed on the fears and uncertainties of people around the world during this time. These ranged from fraud schemes related to stimulus programs offered by the U.S. Small Business Administration to the Maze ransomware hacking group attacking a British research company that was preparing to conduct trials of a COVID-19 vaccine. Throughout COVID-19, cybercriminals have continued to capitalize on unsecured work-from-home computing to deliver new malware and test new techniques.
Even as many employees return to the workplace, company leaders intend to permit remote working some of the time or full time to some positions. As we continue to embrace this new commonality of employees being remote, here are a few tips to ensure you keep your people, data, customers, and organization safe.
In simple terms, an endpoint is one end of a communications channel – it’s any device that is physically an “endpoint” on a network. It refers to parts of a network that don’t simply relay communications along its channels or switch those communications from one channel to another. An endpoint is the place where communications originate and where they are received.
Endpoints can be anything from desktops, laptops, servers, and virtual environments, to IoT devices like wearable fitness devices, printers, smart TVs, and even toaster ovens.
Today’s challenge is that everything is digital, and protecting the endpoint isn’t as easy as it used to be. Virtually any device can be connected to your network. And therefore, just as physical items can be stolen or broken, today’s precious assets are increasingly susceptible to cybercrime that seeks to halt business activity, steal data, and steal money – all digitally.
Protecting the endpoint is your primary task, but sometimes you have to stop and ask yourself: do you know how many devices are connected to your network? You may be surprised to learn that beyond traditional endpoints (think desktops, laptops, and servers), most organizations are running completely blind. It doesn’t have to be that way.
You can’t protect what you can’t see, so organizations must be able to map what is on a network and fingerprint devices to see what is connected — and more importantly, unprotected.
Even though employees may not be working in the office at this moment, it doesn’t mean they’ll be working from home forever. Besides the immediate struggles in place by Covid-19 we’re also seeing employees take their work with them, whether that means working in a socially distanced park or working out of their hotel on vacation. When choosing to work from any public network, employees expose themselves to the risk of potentially exposing company data that resides on their laptops locally.
Here are a few tips to help keep your company devices secure:
- Ensure all company devices use full disk encryption so that if a laptop happens to get lost or stolen, the data on the device will not be accessible to thieves.
- Use password management so that all accounts on the device require unique login credentials.
- Remind employees to log out whenever the system is not in use, even at home.
While these may seem like basic security practices, it’s always a good idea to remind your employees not to be that Starbucks customer who goes to the counter for a refill while leaving an open laptop on the table.
Providing remote access to your corporate network always increases the risk of your organization’s data getting into the wrong hands. Unsafe access often happens when employees let their guard down and engage in behaviors they normally wouldn’t at the office, such as using their company device for personal activities.
To better protect your data, use a zero-trust security solution to connect remote employees to your organization’s networks and servers. A zero-trust solution creates a direct connection as if the device were connected to the organization’s LAN. Don’t be afraid to remind employees that a laptop used at home is still company property and should only be used by the employee for work-related activities. Any non-work-related activity should be conducted on the employee’s own devices.
With the increase in email and other text-based communications to stay connected while working remotely, employees can find it hard to differentiate between what emails and communications are legitimate and what are not.
As phishing and malware campaigns continue to rise, be sure to remind your employees to inspect links before clicking by hovering over them with the pointer to see the actual URL destination. Another easy way to help your employees protect themselves from falling victim to such campaigns is to use an automated endpoint detection and response security solution that can block malicious content if the user executes it.
With the vast majority of the workforce changing its habits, securing the world’s commerce, communications, and precious digital assets has never been more critical. To learn more about what protection you may need to protect your remote employees, the company, and your sensitive information, call Acme Business, your local IT business focused on protecting thousands of endpoints 24/7, 365 days a year.