By Spence Witten, a senior advisor at 38North Security.
Those lucky enough to work remotely at the start of the COVID era were able to keep themselves and their companies going, despite the intense pressures of that challenging time.
This shift to remote work fundamentally changed how we use IT. Use of Zoom increased by 30x in April 2020, as teleconferences went online. Slack workspaces proliferated. And corporate spending on cloud services grew by nearly 40%.
It increasingly seems that many of these changes will remain in place, as the pandemic continues and organizations appreciate the benefits of keeping at least a partial remote footing.
So instead of using work computers on internal networks to manage documents and send basic email, our devices are now full-fledged collaboration hubs, reaching out over the internet to exchange data with countless different services. Further complicating the online security picture, all this new collaboration takes place without the traditional protections provided by in-house cybersecurity teams.
Attackers Get COVID-Creative
In addition to changing how we use IT, COVID gave cyber criminals new avenues for creative attacks. Some of these – like Zoom bombing – while disruptive and often repulsive, ultimately did little to threaten data security. But criminals also used the pandemic for more destructive attacks that stole credentials and spread malware.
As just one example of many, the Center for Internet Security tracked numerous cyber attackers creating fake websites and sending fake email designed to steal data. Attackers would impersonate the IRS, the CDC, state governments, etc. to trick users into divulging sensitive information or downloading malicious software. On the technical front, attacks started aggressively targeting home networking equipment like routers, to modify settings, and redirect users to make sites eavesdrop on communications.
Speak Up to Enhance Online Security
I’ve spent the past 10 years or so of my cybersecurity career working remotely. Done right, remote work can be every bit as safe as working from even the most secure office space.
But going remote brings the corporate threat landscape to your front door. There’s only so much that you can do, as an individual working from home, to harden yourselves against the types of focused attackers that go after businesses. This is especially true if you work for a larger organization, one that’s a prime target for cyber-attacks.
As important players in your organizations, I encourage you (and the executives you support) to speak up, ask questions, and make sure that your company is doing everything it can to stay safe.
Here are some things to talk to your organization about to ensure you are as safe at home as you would be in a hardened office space:
- Dedicated, Hardened Computers: Your organization should be providing you and your executives with specialized computers for working remotely. They should be equipped with enterprise-grade anti-malware, host-based firewalls, and secure methods for remotely accessing corporate resources. If your organization is expecting you to use your personal home computer for work, this is a red flag. Speak up, and make sure your IT team equips you with hardened, dedicated computers.
- Secure Access Control: If you’re accessing your organization’s IT systems and not using some form of multi-factor authentication (MFA), this is a security issue. There is no excuse these days for not using MFA to keep your accounts safe. If it isn’t already doing so, ask your organization to implement MFA to safeguard corporate accounts.
- Remote Access Security: In the rush to work remotely, a lot of corporate IT teams just opened systems up, without much regard for the security implications. Don’t be shy about asking questions about how remote access is managed and kept secured by your organization.
- Reputable Cloud Service Providers: Using Cloud Service Providers (CSPs) can be a secure way to manage data. But not all CSPs are created equal. Raise your concerns and ask questions about how your organization selects CSPs, what security standards those CSPs adhere to and how that vendor relationship is managed.
If your organization is especially sensitive, you may want to consider asking your company to upgrade your home network for you. Consumer grade modems and routers are not the most secure bits of network gear. If your organization is a consistent target for cyber criminals, your IT/security team may want to upgrade your home network, and the networks of the executives you support. This will help harden your home security to enterprise standards.
It Takes a Village to Secure Cyberspace
There are steps you can take as an individual to secure your home network. But responsibility for cybersecurity in the COVID era is a two-way street. Your organization also needs to step up and do their part to keep you secure while working from home. Speak up, ask questions, and encourage your organization to take on part of the responsibility for keeping you safe, even when you’re not in the office.
© 2021 Julie Perrine International, LLC
HOW TO USE THIS ARTICLE IN YOUR NEWSLETTER OR WEBSITE
Want to use this article in your newsletter, ezine or website? You can — just as long as you include this complete blurb with it:
Julie Perrine, CAP-OM, is the founder and CEO of All Things Admin, providing training, mentoring and resources for administrative professionals worldwide. Julie applies her administrative expertise and passion for lifelong learning to serving as an enthusiastic mentor, speaker and author who educates admins around the world on how to be more effective every day. Learn more about Julie’s books — The Innovative Admin: Unleash the Power of Innovation in Your Administrative Career and The Organized Admin: Leverage Your Unique Organizing Style to Create Systems, Reduce Overwhelm, and Increase Productivity, and Become a Procedures Pro: The Admin’s Guide to Developing Effective Office Systems and Procedures.