Those lucky enough to work remotely at the start of the COVID-19 era were able to keep themselves and their companies going, despite the intense pressures of that challenging time.
This shift to remote work fundamentally changed how we use IT. Use of Zoom increased by 30x in April 2020 as meetings moved online. Slack workspaces proliferated. And corporate spending on cloud services grew by nearly 40%.
It increasingly seems that many of these changes will remain in place, as the pandemic continues and organisations appreciate the benefits of keeping at least a partial remote footing.
So instead of using work computers on internal networks to manage documents and send basic email, our devices are now full-fledged collaboration hubs, reaching out over the internet to exchange data with countless different services. Further complicating the security picture, all this new collaboration takes place without the traditional protections provided by in-house cybersecurity teams.
Attackers get COVID-creative
In addition to changing how we use IT, COVID-19 gave cyber criminals new avenues for creative attacks. Some of these – like Zoom bombing – while disruptive, ultimately did little to threaten data security. But criminals also used the pandemic for more destructive attacks that stole credentials and spread malware.
As just one example of many, the Center for Internet Security tracked numerous cyber attackers creating fake websites and sending fake email designed to steal data. Attackers would impersonate the Internal Revenue Service, the Centers for Disease Control and Prevention, state governments, etc. to trick users into divulging sensitive information or downloading malicious software. On the technical front, attacks started aggressively targeting home networking equipment like routers, to modify settings and redirect users to enable sites to eavesdrop on communications.
Speak up to enhance security
I’ve spent the past 10 years or so of my cybersecurity career working remotely. Done right, remote work can be every bit as safe as working from even the most secure office space.
But going remote brings the corporate threat landscape to your front door. There’s only so much that you can do, as individuals working from home, to harden yourselves against the types of focused attackers that go after businesses. This is especially true if you work for a larger organisation, one that’s a prime target for cyberattacks.
As important players in your organisations, I encourage you (and the executives you support) to speak up, ask questions and make sure that your company is doing everything it can to stay safe.
Here are some things to talk to your organisation about to ensure you are as safe at home as you would be in a hardened office space:
- Dedicated, hardened computers: Your organisation should be providing you and your executives with specialised computers for working remotely. They should be equipped with enterprise-grade anti-malware, host-based firewalls and secure methods for remotely accessing corporate resources. If your organisation is expecting you to use your home personal computer for work, this is a red flag. Speak up, and make sure your IT team equips you with hardened, dedicated computers.
- Secure access control: If you’re accessing your organisation’s IT systems and not using some form of multi-factor authentication (MFA), this is a security issue. There is no excuse these days for not using MFA to keep your accounts safe. If it isn’t already doing so, ask your organisation to implement MFA to safeguard corporate accounts.
- Remote access security: In the rush to work remotely, a lot of corporate IT teams just opened systems up without much regard for the security implications. Don’t hesitate to ask questions about how remote access is managed and kept secured by your organisation.
- Reputable cloud service providers: Using cloud service providers (CSPs) can be a secure way to manage data. But not all CSPs are created equal. Raise your concerns, and ask questions about how your organisation selects CSPs, what security standards those CSPs adhere to and how that vendor relationship is managed.
If your organisation is especially sensitive, you may want to consider asking your company to upgrade your home network for you. Consumer-grade modems and routers are not the most secure bits of network gear. If your organisation is a consistent target for cyber criminals, your IT/security team may want to upgrade your home network and the networks of the executives you support. This will help harden your home security to enterprise standards.
It takes a village to secure cyberspace
There are steps you can take as an individual to secure your home network. But responsibility for cybersecurity in the COVID-19 era is a two-way street. Your organisation also needs to step up and do its part to keep you secure while working from home. Speak up, ask questions and encourage your organisation to take on part of the responsibility for keeping you safe, even when you’re not in the office.
Article contributed by All Things Admin.
Written by Spence Witten, a senior advisor at 38North Security.
Julie Perrine, CAP-OM, is the founder and CEO of All Things Admin, providing training, mentoring and resources for administrative professionals worldwide. Julie applies her administrative expertise and passion for lifelong learning to serving as an enthusiastic mentor, speaker and author who educates admins around the world on how to be more effective every day. Learn more about Julie’s books – The Innovative Admin: Unleash the Power of Innovation in Your Administrative Career; The Organized Admin: Leverage Your Unique Organizing Style to Create Systems, Reduce Overwhelm, and Increase Productivity; and Become a Procedures Pro: The Admin’s Guide to Developing Effective Office Systems and Procedures.