With the recent pandemic, businesses now know the importance of equipping their workforce with good tools to work remotely. What are the implications of this shift to remote work from a cyber security standpoint?
Work-from-anywhere was a popular mantra prior to the pandemic. But now it has become an operational necessity. A March 2020 Gallup poll indicated 60% of all employees were working remotely. But now the shift to remote work is increasing. A recent PWC survey indicates that 83% of employers say the shift to remote work was successful for their company. Which is better than 73% who said so in the June 2020 survey.
The Challenges of Remote Work
Following are some of the key challenges your organization needs to handle.
Unmanaged devices and home Wi-Fi
- Home networks do not have corporate level firewalls to protect the network from attacks. But employees often work from home using personal devices. So they may be accessing corporate resources, and critical data on these unmanaged devices.
- Other personal devices connected to the home may not have anti-virus software installed. And viruses can travel from one device to another within the home network and eventually penetrate the corporate network.
Many people do not know much about cyber security:
- Employees are prone to click on malicious emails that appear to be from government agencies or healthcare providers. As a result they might give away critical personal data to hackers.
- Employees may also give away corporate data to spoofing emails pretending to be their colleagues or business contacts.
- Many people use the same password for every account they may have. One password shared by mistake, can allow a criminal to take over all those accounts.
- Regular users often do not consider cyber security a priority. They often assume that the IT department can handle security issues.
The Solutions
It is an understatement to say that maintaining the security of corporate data when employees work remotely is critical. You can meet Cyber security challenges head-on to prevent data breaches and hacking. Following are some of the solutions organizations can employ based on their technology environment.
Implement Strong Password Policies:
Organizations must implement strong password policies and should not allow users to use similar passwords when asked for password change.
Multi-factor Authentication:
Having strong passwords often isn’t enough. For example, data breaches can leak employee’s credentials. Multi-factor authentication (MFA) involves additional steps to add an extra layer of protection, such as a confirmation call or text message.
Prevent Users from Storing Documents Locally:
Organizations can prevent users from storing files locally on their workstations. This prevents the risk of losing data and documents in case of hacking of a workstation.
Backups:
Regular backups can ensure protection of data and documents. For example ransomware, in which hackers lock your files. In this situation, without a backup, you are at the mercy of hackers. One of the most convenient and cost effective ways to save important data and documents are back-ups in the cloud.
Remote VPN:
Remote employees who need to access network resources, should use a corporate virtual private network (VPN). With VPN, encrypted data travels through a secure tunnel between the employee’s device and corporate network. This protects the corporate network.
Firewalls:
To mitigate a lower level of security at a user’s home network, corporate firewalls act as a line of defense . This prevents threats from accessing the network. IT admins must close unused ports. In modern routers, hardware firewalls are built-in, but you need to make sure that they are turned on.
Antimalware Software:
Home based users must be encouraged to have antivirus installed on the devices they use to access corporate resources. However, there is no guarantee that this would happen. Therefore, IT admins must ensure antimalware software is in place and fully updated on all corporate devices.
Public Wi-Fi:
Employees should not use Public Wi-Fi for office work: Most Wi-Fi systems at home these days are somewhat secure. But when outside the home, employees should be aware that unsecured public Wi-Fi networks are prime spots for malicious parties. Because, they spy and collect confidential information.
Encryption:
Implement secure email systems and train your users on how to use them. When employees need to send sensitive information, they should use this encryption. In addition, implement data loss prevention policies (DLP) in your email system. Which can automatically secure the most sensitive corporate data in emails. Using DLP based encryption, prevents hackers from stealing your data.
Employee Training:
End users can be the weakest link in today’s cyber security defenses. Train your employees regularly on following topics:
- Spotting and handling phishing attacks and other forms of hacking.
- Protecting their remote workstations
- Securing home network devices.
Conclusion
Work from home is a necessity as well as a challenge, which every organization is facing today. Organizations must take measures to counter the risks facing the corporate network and data.
Well thought out IT policies and procedures along with user training and education can protect your corporate environment. It is critical for the real estate industry to renew emphasis on cyber security risk management. Implementing the right strategy can reduce that risk. And allows organizations and their employees to enjoy the benefits of remote work in this connected world.
How CRES can be helpful
To address Cyber Security challenges facing real estate industry, we offer:
- A free Cyber Security evaluation of your environment.
- A sophisticated Remote Monitoring and Management, which not only manages but proactively protects the corporate network.
- Managed Antivirus and Endpoint Detection and Response system (EDR), which is far better than traditional anti-virus software and includes:
- Protection against the latest threats without waiting for scans or updates to definitions.
- Respond to threats almost instantly.
- Roll back devices to their pre-infection state, even if they are compromised by ransomware.
- Allow or block USB and endpoint traffic via policy, customized for your end users.
- Device control with USB and Bluetooth monitoring for data theft.
CRES Technology’s team includes professionals with deep real estate background. Working directly with them, we can tailor a solution to your needs. We offer great value to your company by providing competitive pricing. For more information about CRES IT Services, contact us.
About Waqar Hussain
CRES Technology -Director IT Services
A technology leader with outstanding knowledge, technical expertise, and a proven track record of leading complex infrastructure projects and managing help desk teams.