Although many industries have been operating remotely over the past decades, the global catastrophe caused by coronavirus has been an unexpected catalyst for a drastic shift to remote operations throughout various business sectors. Even one year later in March 2021, when covid-19’s threat subsided in Canada, about five million Canadian employees are working remotely, according to Statista.
Unfortunately, this rapid transition left companies unprepared for threats posed by the unfamiliar world of a home office, with cybersecurity threats being the top-most concern for the stakeholders. Keeping this in mind, about 57% of Canadian employees expect to increase their cyber budgets, while only 34% are confident their cyber budgets are being used correctly, as per a PwC Canada report
Without any full-fledged IT and security support from our companies at home and increased reliance on technology, we are far more susceptible to cyberattacks. With all of our work is done online, there’s always a possibility of a cybercriminal compromising it. The Canadian Centre for cyber security also confirms, “Cyber threat actors are increasingly attempting to identify and exploit the devices of individuals working at home, particularly targeting those who are employed in areas of strategic interest.”
To help you prepare for the rainy day, we have rounded up a list of cybersecurity actions you can adopt to protect yourself and your organization:
1. Keep Assets Updated and Patched
Updating your devices is critical during remote operations. Since employees are less likely to check for updates or patches manually, it can intensify the impact of unpatched devices vulnerable to cyberattacks. Therefore, it is important to keep workstations, tools, devices, and software updated and patched to protect against potential threats.
Solutions: We would recommend using a centralized system for periodic checks on available patches or updates. Centralized reporting and compliance monitoring are also important, especially when they cannot be checked physically.
2. Employee Feedback and Awareness
Listen to your employees. If you observe something suspicious or accidentally click something that you shouldn’t or have issues with a security product, report to your manager instantly! Your IT team will take appropriate measures to check for any malware involvement and fix it. Lack of cybersecurity awareness could lead to a significant communication gap between technical and non-technical staff.
Solutions: Cybersecurity awareness training should be given to employees of all designations. Once your employees are trained, they know what measures and precautions to take in a security event. You should also take all feedback seriously and create a routine checkup for potential threats if necessary.
3. Maintain good Cybersecurity Hygiene
Cybersecurity hygiene is a cyber practice that ensures the basic health and security of hardware and software. Companies with poor cybersecurity hygiene are more likely to be susceptible to cyberattacks than companies with healthy cybersecurity hygiene.
Solutions: Instead of adopting an “access all area” approach, identify only the parts of your system that remote employees need access to perform their job. Place internal firewalls to separate externally accessed systems from the rest of your network. Make sure that strong measures are in place to stop intrusions to internal systems. We recommend incorporating a two-factor authentication system: a combination of password and numerical access code.
4. Adopt Encrypted Connection for Remote Employees
Remote working invited plenty of security risks: Hackers can intercept the unencrypted connections and steal passwords and other sensitive details of the users.
Solutions: If employees require access to the company network, you must validate that the connection is secure. For this, consider adopting a Virtual Private Network (VPN), designed to create an encrypted tunnel between remote employers and the company network. Many reputable businesses use VPNs to ensure maximum security against potential cyber threats. With a connection to your company’s network secured by a VPN, you can work with confidence without worrying about cyber threats.
5. Use a Password Manager
The very act of remote working introduces cybersecurity risks: remove a person in the next cubicle or at the desk, and you will remove a part of the human-error buffer. Human error in a sense like we are more likely to ask that person for reassurance if we are not sure about any technicalities than risk looking stupid to ask for an IT guy. This led to the infamous “zoombombing” – a collection of various zoom-related privacy problems as millions of users turned to the video-chatting app to connect.
“These videoconferencing systems often come with default settings which are open in nature and vulnerable to being compromised,” says cybersecurity researcher. Default settings like passwords are not being set.
Solutions: It is crucial to ensure that you’re using a strong password for each application, as reusable passwords allow hackers to access several accounts if any one of them gets compromised. It is recommended to use a password manager. This tool will help set different passwords for each app and ensure that it’s a strong one with its built-in password generator feature.
That’s all for now… if you have something to add to the list, feel free to share it with us in the comment section below.