Work-from-home mandates create cybersecurity concerns
With the number of coronavirus cases continuing to climb, more employees are working from home than ever before. According to a flash survey of the CNBC Technology Executive Council conducted in March, 85% have at least half of their workforces working from home, and 25% of organizations are now entirely remote. That has cybersecurity experts concerned.
The process of safely moving an entire workforce from a combined platform to a remote, distributed arrangement is “massively difficult” to accomplish in a year, according to Mark Gilroy, CEO of Fornetix, a Frederick, Md., cybersecurity firm. Most organizations had just three weeks to get it done. Consequently, the risk for exposure is substantial.
“Even my company, which is known for managing cybersecurity, is going through an enormous amount of attacks on a day-to-day basis,” says Gilroy. “If a cybersecurity company is under attack, I can promise you the small mom and pop all the way up to the big players are really getting hammered right now.”
More than one-third (36%) of respondents to the CNBC survey reported an increase in cyber threats since the coronavirus-fueled shift to remote work began. That’s left organizations scrambling to maintain security of data and confidential conversations.
Columbus, Ohio-based insurance and financial-services company Nationwide is warning employees to be aware of the wide variety of devices connected to home networks, such as smart thermostats, gaming consoles, baby monitors, TVs and appliances. Their advice is to make sure they’re protected with a strong password and all system updates have been applied. U.K. law firm Mishcon de Reya has instructed employees to mute or disable domestic smart speakers, such as Google Home and Amazon Echo, in the wake of reports that such devices has been found to eavesdrop or even record conversations.
Gilroy emphasizes the need for companies to focus on what he calls “crypto hygiene.” That includes employing a trusted VPN, ensuring the best protection software is in place and updated, making sure encryption tools are installed, knowing who has access and educating employees about the basics of working at home in an insecure IT environment. They should be advised to back up everything, ensure their WiFi connection is secure and be suspicious of emails from people they don’t know or that ask them to check or renew their passwords and login credentials.
“We’re going to be remote for a while and people working at home is going to become the new normal, so crypto hygiene must be one of the top priorities for everyone,” says Gilroy.