USA +1 855 726 4878  |  BR +55 11 3069 3925 

7 tips to prevent cyber attacks during remote work

by | Feb 8, 2021 | BLOG

The year 2021 has arrived, and organizations of all types and sizes are continuing their efforts to adapt their workforce to the new work reality imposed by the Covid-19 pandemic. People, who were previously working using corporate devices and infrastructure within its security perimeters, have been forced to quickly change their approach, now working from their homes and accessing the same resources as before lockdowns. And according to Cisco research published in the Future of Secure Remote Work report, even with the introduction of a vaccine against the coronavirus, IT decision-makers believe that a significant part of this workforce will continue to operate remotely, thereby accelerating the move to Cloud-based models and their projects linked to digital transformation. 

Many companies, however, did not have the adequate infrastructure to support a huge number of people working from their homes, let alone to ensure that sensitive data was not exposed. The change introduced by the pandemic has created a strong demand for digital solutions, bringing an important mission for the Information Security teams: not only to protect the company, its employees, and customers but also to guarantee business continuity. A Promon survey of 2,000 remote workers provides some worrying data: almost two-thirds of them had not received any cybersecurity training in the past 12 months. Besides, 77% of them are not concerned with data security while working from their homes. It is worth remembering that data protection laws provide for heavy sanctions in case of data leaks. If the personal data of Brazilians are leaked, for example, a company is subject to fines that can reach 2% of revenues or 50 million reais. 

In this context, the Covid-19 pandemic also brought new attack vectors to this entire remote workforce. With so many people using insecure devices and networks to perform their daily activities, malicious attackers saw an opportunity to exploit security gaps introduced by this form of work. Also according to the Cisco report, 61% of decision-makers have reported an increase of 25% or more in cyber threats since the pandemic began in March 2020. And for those who think cybersecurity is something that concerns only global organizations, this increase in threats is also reported by small (55%) and medium-sized (70%) companies. But what aspects should Information Security leaders consider in order to guarantee the security of data transmitted via unprotected devices and networks?

Virtual Private Network, or VPN – as a basic tool in the kit of those who want to guarantee data security, VPNs are old known to IT teams. In addition to the function of avoiding geographical restrictions, the use of these tools also improves privacy on the internet. Also, a VPN allows you to encrypt all internet traffic through devices;

Wi-Fi, or Wireless Connections – most Wi-Fi networks are secure in some way. However, when outside their workspaces, employees should be aware that using public wireless networks is one of the preferred targets for malicious agents to spy on internet traffic and collect sensitive data

Home Routers – many people do not change the passwords for their home routers when they are installed, which increases the risk of falling victim to a cyberattack. To prevent any malicious attacker from having access to the home network and thus gaining improper access to critical data, the first step includes changing the router’s password. Also, it is interesting to encourage employees and third parties to check and install device firmware updates.

Passwords – In these times, it is more important than ever that your passwords are properly protected. Unfortunately, many people use the same password for multiple-service access credentials, both personal and corporate. This means that if a malicious attacker has access to a compromised password, it will be much easier to gain access to other services, including corporate accounts. Therefore, it is recommended to use a PAM solution to manage these privileged credentials.

Multi-Factor Authentication – often, strong passwords are not enough to protect systems from unauthorized access. If a criminal has access to a credential compromised in a data leak, it is not difficult to compromise other user accounts. Thus, by using multi-factor authentication, such as confirmation via an OTP (One-Time Password) generated by an application or SMS, it is possible to add an extra layer of protection to user accounts;

Backups – all user files must be configured to be backed up, preferably in a cloud-based environment. If there is a cyberattack through malware, such as ransomware, and the data is not properly saved, it is not possible to recover it without paying a ransom, which can directly affect the victim’s activities and even the business continuity;

Phishing – in addition to investing in cybersecurity solutions, it is also necessary to train employees appropriately to learn how to deal with phishing attempts or other social engineering-based attacks by malicious attackers to gain improper access to systems. One way to address this problem is to alert employees how to detect suspicious emails from unknown senders, especially if it involves any user action, such as clicking a link or opening an attachment. Even messages received from trusted senders must be considered and verified before they are opened. 

As remote work becomes more and more common, companies of all sizes need to implement infrastructure in addition to the appropriate policies to minimize their exposure to cybersecurity risks. The list we presented here is a good start to give an idea of what should be considered in order to create an adequate policy to ensure the protection of the remote workforce. In this way, it is possible to reduce the risks of cyberattacks and avoid heavy penalties from data protection laws, which can affect the trust of employees, partners, suppliers, and even business continuity.

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...