Dealing with the vulnerabilities of a distributed workforce
With more and more employees working from home and an increasing number likely to stay remote in the years ahead, companies are forced to reckon with something often ignored or put aside: cybersecurity across multiple touch points. Formerly, it was fairly easy to secure a centralized network in a physical location. A firewall, work-use-only devices and strict protocols governing access combined with comprehensive employee training, email monitoring and the banning of outside apps and websites could keep an organization reasonably safe. With the global pandemic sending employees home to work, often on their own devices, cybersecurity flaws have become glaringly apparent at all levels of an organization.
Bring-Your-Own-Device was a massive trend for a time as companies sought to shift the cost of devices to the shoulders of their employees. However, it quickly became apparent that maintaining security was more difficult when employees used their personal devices for work. The sheer number of apps without encryption used by the average employee, the common use of unprotected Wi-Fi points and the laxness of passcode use on personal devices was swiftly recognized as leaving far too many loopholes for bad actors to exploit.
Like card readers attached to gas station pumps in the hopes of snagging data from a corporate credit card, hackers turned to attempting penetration of the phones of employees, looking for a back door into employers' customer and financial records. Issuing a work-only phone with the appropriate security may be the only way to prevent unsecured devices from becoming a gateway through which hackers can pass.
Consumer internet connections
Employees working from home off a standard, consumer internet connection access a Wi-Fi signal that can be more readily hacked than your corporate headquarter's carefully firewalled and encrypted network. How can you prevent logins from being compromised when your employees are using their home connection to access sensitive data? The answer lies in demanding proof of secure routers, and also installing a VPN with zero-trust, so anyone logging in must go through two-factor authentication and multiple verification steps. Prepare for pushback as employees discover that logging in requires more than clicking a button below fields with saved usernames and passwords.
Speaking of passwords, make and enforce rules concerning them and assign credentials that change frequently if possible. Consider having employees use a protected password vault when it comes to company logins. Left to their own devices, employees often change their own password by adding a number of exclamation points or special characters, or by altering a single digit at the start or end of their credentials each time their login information needs to be updated. These patterns are easy for hackers to pick up on and replicate, trying different start and end variations of the known password base until they get in. Require employees use randomly generated passwords, or teach them how to choose pass phrases that are both easy to remember and virtually unhackable. Provide instant, real-time support for password resets to make adapting to these changes easier.
Employees are the No. 1 risk to your organizations' data and that of your customers. During the pandemic, hackers have exploited employees by composing emails relating to safety warnings, sending them out as if they came from someone in the company. Stimulus related emails purporting to come from banks have been another way past employees' security barriers. Remind employees to verify that an email is coming from their bank or corporate office before clicking on a link or resetting a password. Defending your company against intrusion hinges on employee education and reeducation in the face of a changing threat landscape.
Your IT professionals must be on the top of their game, and now could be a good time to either build up your in-house team or start outsourcing to a company well-versed in cybersecurity. Your employees will need support around the clock as they get accustomed to working from home and needing to access different systems remotely. When faced with unfamiliar authentication and verification requests from a zero-trust network, they may panic, become frustrated or repeatedly require help with password resets or permissions. Making sure your remote workforce has adequate IT support is imperative.
ML and AI
It could be time to bring machine learning and artificial intelligence into the mix. You can automate the most common support tickets with protocols run by programs, which will help your employees with password reset requests and route more challenging issues to the person on staff and on duty who is best qualified to help resolve their issue. Embracing these types of technology can free up your human employees to give a faster response for tickets that demand human input.
Perle offers industrial solutions such as console servers that support security, remote access, and advanced IT roles. Find out more about how we can help by reading some of our customer success stories