The Coronavirus, or COVID-19, has many organizations sending employees to work from home to ensure their safety and the health of their employee population. As the virus continues to spread, organizations across the world will likely see continued increases in the amount of remote work required from employees who otherwise would typically come into the office.
This change, while incredibly important to public health, creates a significant risk for an organization’s cybersecurity health given that most organizations are currently unprepared for the security implications of remote work.
What are the cybersecurity concerns with remote work during the Coronavirus spread?
There are many potential risks you may open by sending employees to work from home. The primary and the most significant threat will be to the data your employees need to access from home or send back to the corporate network.
Creating and opening a line of communication from a remote location back to the main network opens the door to anyone who wants to listen or look at the data flowing along that line of communication. If that line isn’t explicitly secured, you are multiplying your threat vector with every single employee you send to work from home.
If your newly-remote employees access or use any of the following types of data in their day-to-day jobs, you should absolutely be concerned about the security implications of them working from home:
- Client or partner data: any information about your clients or partners, including their passwords, their customers, or their internal systems.
- Personally identifiable information: this can be personal or identifying data about your customers or other employees.
- Intellectual Property or Trade secrets: anything that is vital to how your company or its customers or partners works that would be negative if it found itself in the hands of your competitors.
- Health data: any health or personal data protected by HIPAA regulations.
- Financial data: information about finances for your company, your clients, partners or your customers including bank details and login information.
Breaches to any of these types of data carry not only reputation risks but also the risks of significant financial fines.
And, keep in mind, you don’t just have to worry about the potential for your company to be the intended target. It could easily be one of your clients or another company with which you work. Consider the Target breach, where an HVAC contractor was the door into Target’s network.
And on the flip side, larger organizations will also want to consider what precautions any partners they work with throughout their entire supply chain are taking as they send their employees to work from home as well.
Cybersecurity risks associated with remote work
Some of the biggest technical issues surrounding the security of remote work include:
- Device usage: many of your employees will be connecting to your network using different or mobile devices that are unsecured.
- Wifi: connections via wifi, especially public wifi, are notoriously unsecure (and will be the most common method by which your remote employees will connect).
- Eavesdropping or Man-in-the-Middle attacks: cybercriminals gain access to an unsecured or poorly secured Wi-Fi router in order to intercept and read the victim’s transmitted data.
In addition to the fact that you will have an increased number of employees working from home, you will also have employees who are highly inexperienced working from home for the first time. These employees will likely be non-technical, and most definitely will not have put in place property security measures (or even know how!).
What can I do to protect my company but still allow for remote work?
The good news is that you can still protect your employees’ health by allowing remote work, even if you are a government agency. The most important step you can take is to provide a simple and effective solution for employees to create a secure line of communication back to the corporate network.
That solution will have to be easy for even non-technical employees to use and set-up, and it must create a secure VPN tunnel for employees to communicate back to the main network.
Attila’s GoSilent device is an extremely quick, and cost-effective method to achieve this. The solution is essentially “plug and play,” allowing even the most non-technical of users to connect the device and set it up in less than 2 minutes. With just a few clicks, your employees can have a completely secure tunnel back to the corporate network set up and functioning.
This same solution is currently being used by Attila clients in both the government and private sector to protect their most sensitive data.
As an organization, we understand that the coronavirus is forcing organizations to quickly develop contingency plans for teleworking. As such, Attila is standing ready to help you, and due to the crisis are offering discounts to get your teams up and running from home.
Contact us to learn more.