Posted by Stephen Palamara, TCC Director of Business Development
The Coronavirus outbreak has added to an already plentiful array of cybersecurity threats. Employers are responding to the outbreak by allowing or mandating remote working. I recently read an article on the Security Magazine website that outlines the top ten threats and the recommended solutions. https://www.securitymagazine.com/articles/91999-the-top-10-employer-cybersecurity-concerns-for-employees-regarding-remote-work
Here are the first five:
- Phishing – “Employees need to be reminded (and tested) that legitimate groups do not request personal information. Verify any hyperlink before clicking on it. Be wary of any email insisting on immediate action. Generic greetings or an unfamiliar sender are other markers. And while bad spelling and grammar often signal phishing, beautifully written communiques can be just as dangerous. The best defense is common sense. Remote workers should get into the habit of pausing before responding.”
- Use of Personal Devices – “remote workers should be restricted to the use of company devices. Company devices meet minimal security benchmarks. Their hardware is designed to work within a corporate network. Their software has been optimized to cater to the specific needs of the individual user within the company environment. The introduction of personal devices injects a new element of risk into the security calculus. Remote workers will be limited to company devices. If this is impossible, personal devices should be vetted by employer IT prior to being used for company work.”
- Use of Unsecured Networks – “remote workers must restrict themselves to home or other secure networks. The “free” WiFi available at cafes, libraries, or similar public places carry a steep security price tag. Traffic is not encrypted. Hackers target such environments, leaving cyber mines that activate when a user of interest uses the network. If a remote worker lacks access to secure WiFi, provide a HotSpot. It is a security investment that will pay for itself many times over.”
- Limit Network Access – “remote access should be limited to network sections necessary to enable workers to complete their tasks. Every employer has data with varying degrees of value and sensitivity. The most valuable data – the “crown jewels” should not be remotely accessible. If access is imperative, it should be limited to the extent and time necessary to complete the assigned task.”
- Make Remote Work Easy – “At first glance, this appears to contradict the prior principle. Didn’t we just recommend limiting data? Yes. But employees need to work. If access is too cumbersome, they develop workarounds. One common approach is to download material locally. Since an individual machine often has weaker defenses than a networked one, this presents attackers with an opportunity Indeed, the U.S. Securities and Exchange Commission (SEC) fined a major broker for an arrangement where an analyst, hampered by excessive controls, set up a personal “shadow network” to enable him to meet his deadlines. The shadow network, far more vulnerable than the broker’s, was breached, triggering an SEC examination.”
The article had a lot of great information, so we will take a look at the at the next five on the list in the next blog post.
To find out more about TCC Security Services please visit our website https://www.e-tcc.com/security-services.