2021 shifted focus from cybersecurity to digital transformation; notwithstanding, 75% of CIOs out of 100 CIOs of Fortune 500 brands still saw the potent danger in cybercriminals’ activities to give it the second spot in their budgets. Cyberattacks took a new dimension with the shift to WFH; cybercriminals exploited the poor preparedness of organizations that had to revert to WFH to ensure they satisfied customers’ demands as an opportunity to wreak more havoc.
WFH has come to stay; a lot of employees found it difficult at the initial stage, but they have adjusted to it, and many employees are now disposed to working from home or embarking on the hybrid model. The only option now is to ensure that your employees are well protected from the heightened activities of cybercriminals.
Some measures you can employ to mitigate cyber security issues arising from WFH include:
1. Antivirus
Employees on the WFH model may not have the necessary protection that your IT team will ensure from a physical workspace; cybercriminals are aware of this and will exploit the situation to corrupt your system or hack your data through the introduction of malicious programs. This is why you need an antivirus, which is computer software that can confer protection on your employees’ devices.
Cybercriminals know that the WFH model will entail the frequent use of emails for communication among employees and resort to phishing which was reported to have shot up by 600% in 2020, to lure employees into clicking fake emails to deliver ransomware. With antivirus, however, your employees on the WFH model can be protected from viruses and malware, spam, spyware, and also confer firewall protection on their devices.
2. Advanced security
There is a need for advanced security, which you can’t get from using only antivirus. Your employees will need to use a VPN with the antivirus to ensure absolute protection.
With a VPN (Virtual Private Network), and especially if you have to make use of Craigslist to enhance a better promotion of your business now that more people are confined to their homes, you need a VPN that will encrypt all your employees’ network connections and provide them with different IP addresses while on the WFH model. Some of your employees may revert to the public Wi-Fi to carry out their tasks, while this is not the best of practices, it may be inevitable, hence the need to ensure data encryption and the security of data in transit or even at rest over the internet.
From a physical workspace, the use of public Wi-Fi may not be necessary, but now that your employees are working from home, you need to get a secure private network to forestall exposing your customers’ data to cybercriminals on unsecured public networks such as the public internet and open Wi-Fi hotspots. An antivirus will protect you from malware, but it does not encrypt your data and does not ensure that your data is not stolen or hacked when you are connected to a public Wi-Fi or the internet; this is why you need advanced security, which a combination of antivirus and VPN will confer.
3. Multi-factor authentication (MFA)
What a lot of people are used to are single-factor authentication (SFA) and two-factor authentication (2FA). WFH, however, makes authentication a very serious issue.
What you hear every day is to make sure that your password is strong, but hackers can tamper with the strongest passwords, it may only take them more time to achieve this feat, it’s not impossible. Passwords fall under SFAs, 2FAs are becoming more common now, but taking into consideration that family members and friends can access your employees’ devices while on WFH, it becomes highly necessary that you must seek a more reliable authentication method.
An MFA combines inherence authentication (something you are), possession authentication (something you have), and knowledge authentication (something you know) among others. SFAs will only need any one of them, while 2FA will need only two.
When employees accidentally leave their work devices in places where friends or family members can access them, it will become absolutely impossible for any member of the family to log into any such device unless they are privy to all the authentication factors. A bad actor, who can attempt to crack or compromise your password with the brute force attack, will still find it impossible to access your network since you don’t depend only on your password to access your network.
Indeed, most organizations have not started to enforce the use of MFAs, 2FAs are more popular, but the increasing rate of WFH will leave no other option than to enforce MFAs or even stronger authentication measures. A security breach can damage the hard-earned reputation of an organization or even lead to its total closure.
4. Software updates
Employees on WFH may not have superior officials who monitor them; this can lead to error of omission on the part of such employees that bad actors can capitalize upon. Things like software updates can be taken for granted, despite the fact that a lot of software updates, especially those provided by Microsoft, are free.
By encouraging employees to install patches, they will be more focused on the threats that can arise from their lapses. What software companies do is to ensure that their products are more secure by coming up with new updates.
They are aware that bad actors work around the clock to counter any security measures they have in place and do everything to ensure their products are secure; by skipping the patches, you are making your devices highly vulnerable. Failure to install patches are negligence on the part of employees.
