BR +55 11 3069 3925 | USA +1 469 620 7643

7 tips to prevent cyber attacks during remote work

by | Feb 8, 2021 | BLOG

The year 2021 has arrived, and organizations of all types and sizes are continuing their efforts to adapt their workforce to the new work reality imposed by the Covid-19 pandemic. People, who were previously working using corporate devices and infrastructure within its security perimeters, have been forced to quickly change their approach, now working from their homes and accessing the same resources as before lockdowns. And according to Cisco research published in the Future of Secure Remote Work report, even with the introduction of a vaccine against the coronavirus, IT decision-makers believe that a significant part of this workforce will continue to operate remotely, thereby accelerating the move to Cloud-based models and their projects linked to digital transformation. 

Many companies, however, did not have the adequate infrastructure to support a huge number of people working from their homes, let alone to ensure that sensitive data was not exposed. The change introduced by the pandemic has created a strong demand for digital solutions, bringing an important mission for the Information Security teams: not only to protect the company, its employees, and customers but also to guarantee business continuity. A Promon survey of 2,000 remote workers provides some worrying data: almost two-thirds of them had not received any cybersecurity training in the past 12 months. Besides, 77% of them are not concerned with data security while working from their homes. It is worth remembering that data protection laws provide for heavy sanctions in case of data leaks. If the personal data of Brazilians are leaked, for example, a company is subject to fines that can reach 2% of revenues or 50 million reais. 

In this context, the Covid-19 pandemic also brought new attack vectors to this entire remote workforce. With so many people using insecure devices and networks to perform their daily activities, malicious attackers saw an opportunity to exploit security gaps introduced by this form of work. Also according to the Cisco report, 61% of decision-makers have reported an increase of 25% or more in cyber threats since the pandemic began in March 2020. And for those who think cybersecurity is something that concerns only global organizations, this increase in threats is also reported by small (55%) and medium-sized (70%) companies. But what aspects should Information Security leaders consider in order to guarantee the security of data transmitted via unprotected devices and networks?

Virtual Private Network, or VPN – as a basic tool in the kit of those who want to guarantee data security, VPNs are old known to IT teams. In addition to the function of avoiding geographical restrictions, the use of these tools also improves privacy on the internet. Also, a VPN allows you to encrypt all internet traffic through devices;

Wi-Fi, or Wireless Connections – most Wi-Fi networks are secure in some way. However, when outside their workspaces, employees should be aware that using public wireless networks is one of the preferred targets for malicious agents to spy on internet traffic and collect sensitive data

Home Routers – many people do not change the passwords for their home routers when they are installed, which increases the risk of falling victim to a cyberattack. To prevent any malicious attacker from having access to the home network and thus gaining improper access to critical data, the first step includes changing the router’s password. Also, it is interesting to encourage employees and third parties to check and install device firmware updates.

Passwords – In these times, it is more important than ever that your passwords are properly protected. Unfortunately, many people use the same password for multiple-service access credentials, both personal and corporate. This means that if a malicious attacker has access to a compromised password, it will be much easier to gain access to other services, including corporate accounts. Therefore, it is recommended to use a PAM solution to manage these privileged credentials.

Multi-Factor Authentication – often, strong passwords are not enough to protect systems from unauthorized access. If a criminal has access to a credential compromised in a data leak, it is not difficult to compromise other user accounts. Thus, by using multi-factor authentication, such as confirmation via an OTP (One-Time Password) generated by an application or SMS, it is possible to add an extra layer of protection to user accounts;

Backups – all user files must be configured to be backed up, preferably in a cloud-based environment. If there is a cyberattack through malware, such as ransomware, and the data is not properly saved, it is not possible to recover it without paying a ransom, which can directly affect the victim’s activities and even the business continuity;

Phishing – in addition to investing in cybersecurity solutions, it is also necessary to train employees appropriately to learn how to deal with phishing attempts or other social engineering-based attacks by malicious attackers to gain improper access to systems. One way to address this problem is to alert employees how to detect suspicious emails from unknown senders, especially if it involves any user action, such as clicking a link or opening an attachment. Even messages received from trusted senders must be considered and verified before they are opened. 

As remote work becomes more and more common, companies of all sizes need to implement infrastructure in addition to the appropriate policies to minimize their exposure to cybersecurity risks. The list we presented here is a good start to give an idea of what should be considered in order to create an adequate policy to ensure the protection of the remote workforce. In this way, it is possible to reduce the risks of cyberattacks and avoid heavy penalties from data protection laws, which can affect the trust of employees, partners, suppliers, and even business continuity.

An Overview of Saudi Arabia’s Personal Data Protection Act (PDPL)

Saudi Arabia’s Personal Data Protection Law (PDPL) was implemented by Royal Decree M/19 of 9/2/1443H (September 16, 2021), which approved Resolution No. 98 of 7/2/1443 H (September 14, 2021). It was published in the Republic Journal on September 24, 2021. The Saudi...

The 5 Biggest Data Leaks of 2021

During the pandemic, cyberattacks grew more than ever. Theft, hijacks, and data leaks are increasingly popular practices in cybercrime. The lock and hijack for ransom (ransomware) category has stood out a lot, as data is a highly valuable resource and most companies...

HIPAA: Five Tips for Complying with The Certificate

What is HIPAA? Currently, this is one of the most frequently asked questions by many professionals working in the healthcare industry, especially in times of the Covid-19 pandemic. But why is it so important and what are its benefits for healthcare companies? First,...

How Does The LGPD Impact Companies?

Due to the growing technological development in the market, we can clearly see how much how consumers tend to buy products and services has changed. Through more practical technologies, such as cellphones, laptops, and tablets, for example, they are just a click away...

What Is the Difference Between IAM and PAM?

It is important to know the differences between IAM (Identity & Access Management) and PAM (Privileged Access Management). However, this theme still raises doubts for some people. First, it is necessary to understand that the need to obtain an identity is...
Copy link
Powered by Social Snap