COVID-19: The cybersecurity risks of remote working (and how to mitigate them)
As New Zealand navigates the continued threat of Covid-19, working from home is likely to become a lot more common for many businesses over the next six to 18 months. With this, there will continue to be a range of scenarios where staff are using their own personal laptop or PC to do their work. (Otherwise known as BYOD or “Bring Your Own Device” usage)
The shift towards remote and BYOD work practices puts many companies at risk of a significant data breach, because they don’t have the necessary cybersecurity protocols in place – coupled with the fact that it’s more challenging to control security while employees are working remotely on personal hardware.
What are the cybersecurity risks posed by BYOD usage and remote working?
Phishing schemes: Earlier in April, cybersecurity agencies warned that hacking groups were using COVID-19 themes to worm their way into computers and networks. These groups are purportedly sending phishing emails and setting up websites with COVID-19 virus subjects, aiming to lure users to click on links that will expose their computers to unathorised access or introduce malware – meaning attacks can occur simply from a user clicking a dodgy link in an email.
Unauthorised access to company data: You’ve probably giggled a lot over memes and funny tweets about kids and the current working from home climate, but kids or family members using personal computers and inadvertently accessing or compromising company data is a real risk when people are working from home, and using their own computers by default. (It’s for this reason that we often recommend two-factor identification is activated on company CRM whenever staff are working remotely, to add an extra layer of security!)
No control over what’s installed on personal computers: Companies have little control over what programs people work on user-owned devices including; personal computers, tablets, or mobile phones. Someone (workers or even their children) might download insecure applications onto personal hardware rather than those bought from bona-fide app stores; and cyber criminals can hijack data using gateway access from insecure apps.
Insecure networks: Most home Wi-Fi networks are insecure, leaving them vulnerable to be tampered with by hacking and people with malicious intent.
How can you mitigate the cybersecurity threat of “BYOD”?
The cybersecurity risks of remote working and BYOD are real. Unfortunately, though, in the current climate most companies can’t control whether their employees work from home or use their own personal computer to do so – staff are likely to be doing both by necessity. The good news is, there are real ways to mitigate these risks.
Educate your employees: People remain the weakest link when it comes to cybersecurity. Employees working from home must be provided with the training and knowledge (or reminded) about basic security, and education around being aware of phishing emails – particularly at this time when attempts to subvert security using phishing attacks are likely to increase.
Reset home router passwords: Employees working from home should change the default password for their Wi-Fi router, as many would unlikely have conducted this exercise, and these are often insecure leaving them vulnerable to outside attack.
Ensure adequate security protection: Cybersecurity best practice is that companies should ensure that security mechanisms such as virus checkers, firewalls, device encryption, authentication programs, and virtual environments are installed, up-to-date and active on any device being used for work purposes, even if it is user owned.
If you want to learn more about cybersecurity click below to watch our video. In it we explain how to check your antivirus product is up-to-date; how to make sure you’re connected to a secure wireless network; and how to identify phishing emails. Watch the videos yourself, or send to your team, to improve your “BYOD” cybersecurity today.