Throughout 2020, companies were faced with a choice – shift to remote work arrangements, or close down. The answer seemed obvious, but the solution not so much, particularly where network security is concerned.
Sure, it sounds easy to just “let everyone work from home” with VPN software: the IT department sets up servers and everything is all good, yeah? Well, there are actually a lot of security risks and concerns, not to mention organizational structuring to plan out.
In this article we are going to look at 4 of the biggest work-from-home risks in 2021, and how to mitigate them.
Weak home network security
In the office you will have an IT team in charge of managing the office network equipment, such as routers and connected devices. Work-from-home employees are generally left to manage their own home networks, which can be difficult for less tech-savvy employees.
Even if employees use a secure work VPN, their own home network can be compromised. Many people are known to leave the default logins for their routers, like “admin / password” or whatever a technician set it to when installing their internet service.
Work-from-home employees should be reminded to secure their home networks, for example by using strong WiFi passwords and connecting their work computer directly to their router via ethernet cable. There are many different brands of routers, but your IT department can help guide and instruct employees on general security settings for their home equipment.
File Sharing
Data leaks are one of the biggest modern risks to companies, and can cost a lot of money in damages. File sharing can become messy in an organization with different departments and teams. Some employees might send important files through email attachments, messaging apps, and insecure storage services.
It’s wise for a company to use a premium cloud file server and instruct employees to use it exclusively for work files. This will mitigate a lot of file sharing risks, and it will also be more convenient for your organization: employees won’t have to remember whether a file was emailed or sent through chat, because everything is available right there on the cloud server.
Phishing and email scams
Phishing scams are a particular risk as cybercriminals can be rather crafty in being deceptive and persuasive. A large part of hacking is social engineering, where critical security information is subtly obtained from a target through regular conversation.
For example, someone might have the security question “What was the name of your first pet?”, and they would probably give up the answer to anyone who engaged them in a conversation about pets and animals.
A cybercriminal could fake email addresses that look very similar to internal email addresses, such as those of IT department and management employees, and send emails to employees asking for login information. A good policy is to tell employees that if IT or management ever really needed employee account information, they would call the employee by phone, and that employees should report any emails asking for account information to the IT department for verification.
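The look-alike sender addresses described above can also be flagged automatically before a message reaches an employee. The following is an added example, not part of the original article; `example.com`, the substitution table, and the distance threshold of 2 are assumptions chosen for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: example.com stands in for the organization's real mail domain.
INTERNAL_DOMAINS = {"example.com"}

# Character swaps often used to imitate a domain (constructed, not exhaustive).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",  # Cyrillic
})


def skeleton(domain):
    """Reduce a domain to a canonical form so visually similar names compare equal."""
    d = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, reason) for the address in a From header."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ("external", "no parsable address")
    domain = addr.rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS):
        return ("internal", "exact domain match")
    for internal in INTERNAL_DOMAINS:
        if internal in domain:
            return ("lookalike", "internal domain embedded in another domain")
        dist = edit_distance(skeleton(domain), skeleton(internal))
        if dist == 0:
            return ("lookalike", "character substitution")
        if dist <= 2:  # threshold is an assumption; short domains need a lower one
            return ("lookalike", "near-miss spelling")
    return ("external", "unrelated domain")
```

A "lookalike" verdict is a reason to quarantine the message or tag it for the IT department's review; it complements the reporting policy rather than replacing it.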
VPN brute force attacks
Credential stuffing and password dictionary attacks against enterprise VPN connections saw a massive increase in 2020, as millions of enterprise employees became remote workers. One of the best ways of staving off brute force attacks is using forms of 2FA to verify employee logins.
Two-factor authentication can be bypassed in some situations, so it’s best to consult with your IT team and put together a comprehensive cybersecurity strategy that focuses not only on outside threats, but also on internal “what if” scenarios concerning employee habits and accidents.