According to the latest report, 20% of businesses have reported a breach caused by remote workers.
The aftermath of such incidents resulted in unexpected expenses for these companies. Also, the reported costs of cyber exploitation caused by remote work aggregate higher costs compared to other breaches, as well as prolonged remediation time.
How to avoid expensive mistakes within companies that rely on telecommuting and strengthen the security of all devices that connect to the network?
Some solutions include using Secure Access Service Edge or SASE, avoiding open Wi-Fi, raising awareness of phishing, and changing passwords.
Watch Out For Phishing Attempts
A British construction group known as Interserve has been fined for exposing the private information of over 113,000 employees in one of the latest phishing attacks.
A worker accidentally forwarded a malware-infected email to another colleague. The recipient opened the email and downloaded a contact in the attachment — an action which consequently downloaded a virus to work devices.
Although the cybersecurity tool the company used displayed the alert, the organization did not inspect the suspicious activity.
Phishing is a type of social engineering attack that exploits slip-ups of company workers. There are various types of phishing out there, but this common threat is mostly done via email.
In many cases, these phishing attempts are successful because employees lack cybersecurity training. They just do their jobs and don’t suspect that the email they received could contain malware — especially if they’re from a well-known sender.
Other times, slip ups occur to trained cybersecurity teams that are understaffed, overworked, and overwhelmed with non-stop alerts.
Introducing phishing awareness training for all employees and giving the IT teams that manage the security all the tools they need to separate the high-risk from low-risk issues is a start.
Avoid Public Wi-Fi
While traveling or working in cafés, remote teams often rely on public Wi-Fi to complete their tasks.
However, one out of four public Wi-Fi users are victims of hacking after connecting to free Wi-Fi — even those that might seem safe such as airport hotspots.
Connecting to Wi-Fi puts the users at risk of identity theft if they link their devices to a compromised hotspot that is infected with information-stealing malware.
For devices that are linked to the network of a business, this means that threat actors can obtain information regarding the company or even gain unauthorized access to the system.
Therefore, avoid free Wi-Fi when possible and use mobile data instead.
On occasions when there is no other option but to use public Wi-Fi:
- Carefully go through the terms and conditions before connecting to the public Wi-Fi
- Visit only sites that are safe — those that display a green padlock
- Avoid making any transitions on your credit card while using free hotspots
- Switch off the sharing option in the Control Panel of your device
- Don’t allow auto-connect for any hotspot
Redefine Security Architecture With SASE
Cloud technology has been widely adopted by companies that have introduced remote work and intend to retain it in either complete or hybrid form.
With the increased number of hacking incidents, businesses need more than a Virtual Private Network (VPN) to secure the cloud. Migration to the cloud requires an entirely new approach to security architecture.
For instance, Secure Access Service Edge (SASE) is a cybersecurity model designed to protect cloud-based environments.
SASE combines the capabilities of VPNs, zero-trust practices, firewalls as a service, and more.
It unites all the security solutions and principles to form layered security that covers all devices that connect to the company’s network — regardless of the location of remote workers.
The key benefits of SASE are:
- Faster network access
- Unified cybersecurity tools
- Reduced cost of cybersecurity
Network latency can hurt both employee productivity and the user experience. SASE increases connectivity time by limiting user access based on the role of an employee and deploying zero-trust principles.
Uniting security tools helps IT teams react to alerts in time and retain a complete overview of the attack surface (any software that can be targeted by threat actors). Faster reaction time decreases the chance of phishing exploitation and a possible data breach.
Spending is reduced since it has the functionality of multiple different tools that would otherwise have to be purchased and deployed separately.
Replace Weak Passwords
FastCompany has reported a breach due to the use of weak (easy to guess) credentials. The threat actor claims that they exploited the password “pizza 123”, which has been used to access several WordPress accounts of the company.
After obtaining the weak and reused password, the cyber-criminal got access to Apple News API keys and authentication tokens. This enabled them to send notifications to the users.
Complex passwords (over 10 characters that consist of a unique combination of letters, numbers, and symbols) that are often changed and not reused for any other account are a necessity.
Another option is to use a password manager — a tool that requires users to remember one password.
After strengthening your password, make sure that you:
- Avoid typing in the password where other people can see it in public — be aware of your surroundings at all times
- Never share it via text message, social media inboxes, or email
To Conclude
Although companies have improved their security since the major shift to remote work in 2020, common human errors and cybersecurity slip ups still put assets at risk on a daily basis.
The adoption of new systems requires protective solutions that enable unified and flexible security that can keep up with changes within the company — such as SASE.
After securing the infrastructure with tools and protocols, it’s necessary to address people who connect to the devices remotely.
Human mistakes such as relying on weak passwords, connecting to open Wi-Fi, or falling for phishing schemes are common.
Raise awareness and encourage team members to make the best cybersecurity practices their second nature — regardless of their role within the company.
