How To Keep Remote Workers Secure During COVID-19 And Other Crises
Add bookmarkThe headlines have been screaming about Zoom bombing lately, and it was just a matter of time before hackers took advantage of a remote workforce to infiltrate video conference calls. There has also been a rise in COVID-19-related phishing attempts. So how do you protect a remote workforce?
Before the pandemic spiked in March, “we all knew telecommuting was an option but whose boss is going to allow that to be the preferred method for attending a meeting?” says Timothy C. Summers, Ph.D., CEO, of cyber security consultancy Summers & Company. Then came the massive shift to moving employees to working remotely full time.
“This is a true black swan event and everyone’s clamoring to utilize whatever tools they have already or could get access to without breaking the bank,’’ says Summers, who is also executive director of cloud and advanced engineering services at Arizona State University.
What they are most relying upon right now, Summers says, is virtual desktop infrastructure (VDI) and video conferencing platforms. He notes that ASU has surpassed 60 million minutes' worth of interactions in almost 150,000 Zoom sessions. The university has also moved 5,000 course completely online, he adds.
Organizations are also relying upon VPNs right now for encrypted connections, notes Ross Leo, CISO of digital monitoring platform provider InvisAlert Solutions. But while a VPN can facilitate secure connections, “there must be a [secure] tool at the other end to enable secure collaborations,’’ he says. “VPNs are the bricks, but if you don’t have mortar to glue them together you’ve only solved half the problem.”
Now More Than Ever, You Need A BYOD Policy
Leo says a lot of companies have not effectively dealt with the BYOD phenomenon. “This kind of situation brings up the importance of dealing with it,’’ he says. “Businesses have a tendency to ignore things until they’re staring them in face or like with COVID-19, it blows up.”
With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.
Companies need to have a BYOD policy – but also a way of enforcing it before it becomes an issue, Leo says. That might mean telling employees they are allowed to use their own devices for work, but because the company does not know what is on those devices, “what I can do is tell you what the rules are.”
They should be anti-malware, VPN capabilities and a mobile device management system, he says. That way, “I can enforce protection because I want you to be able to connect to do work, but I have to protect myself from you,’’ he says.
Companies should also implement multi-factor authentication on a VPN, maybe through a soft token, Leo says. “That way they can assure themselves they have safe connections.”
Communicate And Create Awareness
Leo says if he were a CISO being tasked with keeping a remote workforce secure, he would create “a continual program of awareness,’’ that reinforces the need for employees to be even more cautious right now because of how crises like the coronavirus pandemic get exploited, he says. “Unfortunately, they give rise to more scams and more phishing and more types of attacks that will prey on people through fear and false presentation of what appears to be sound advice.”
Summers agrees, adding that there are “tons of fake websites being stood up for COVID-19, and foreign governments hacking into departments of universities responsible for doing COVID-19 research.”
Technology is not the sole answer, though, he says. The uncertainty and continual news with scary numbers coming out are prompting people to let their guards down, Summers believes. “For people used to being in an office, this is life shattering for them. So organizations have to mindful of something that is not tech driven — their people right now.”
Some other tips for keeping remote workers safe:
- Use VPNs and keep them and Windows programs patched.
- When possible, use corporate-issued devices.
- Use passwords, change them often, and implement two-factor authentication.
- Encrypt drives and connections.
- Lock down your browser—use only the extensions you really need right now.
- Keep your devices safe and turn on the “find my device” feature.