Guide to Remote Work Security

Home: The New Cybersecurity Battleground

When the COVID-19 pandemic struck in 2020, businesses quickly adapted.

So did cybercriminals.

Companies emptied their office buildings and sent their employees home to work remotely. And organized criminals quickly learned to exploit the “new normal” by targeting improperly secured connections, applications, and unprepared work-from-home (WFH) employees.

Read on to discover how WFH increases your vulnerability to cyberattacks, and the steps you should take to protect your networks, data, and reputation.


The New WFH Normal

According to research conducted by Professor Nicholas Bloom of Stanford University, 43% of the US labor force was working from home in June 2020 as the global pandemic was spreading and as state and local governments began mandating lockdowns.

A 2020 Gartner survey of company leaders found that 80% are looking at work from home as the new normal and plan to permit employees to work from home or remotely at least part of the time after the pandemic has lifted. A further 47% of company leaders plan to allow employees to work from home permanently.

In another survey of 669 company CEOs, conducted by PwC, 78% agree that working from home and remote collaboration are the new normal for the long-term.

According to studies conducted by the US Bureau of Labor Statistics, only 29% of Americans could work from home before COVID-19. But today, a whopping 98% of workers would gladly work remotely at least part of the time, and for the rest of their careers (Buffer).

This new WFH normal is being mandated by governments, encouraged by businesses, and enabled by technology. In particular, remote work is largely made possible by new cloud technologies, including:

  • Office productivity suites (Microsoft 365, Google Workspace)
  • Storage (Microsoft OneDrive, Dropbox)
  • Email (Microsoft Outlook, Gmail)
  • Video conferencing apps (Zoom, Microsoft Teams, Google Meet)

The New Remote Work Security Threats

Business leaders are discovering that the new WFH normal is coming at a cost. Mandating that hundreds or even thousands of employees work from home is bringing some expected—and some unexpected—complications.

Employees who are working from home report feeling more stressed, and worker productivity has seen a drop in some cases. But the greatest threats to businesses are coming from the increased exposure to cyberattacks posed by remote workers.

"Organizations of all kinds are facing an uptick in email-based threats, endpoint-security gaps and other problems as a result of the sudden switch to a fully remote workforce. It’s now more important than ever to consider both the security practitioner as well as ethical-hacker perspectives in order to stay secure, that's what this is all about."

–William Altman, Senior Analyst at the Global Cyber Center of NYC, operated by SOSA

According to a study conducted by Malwarebytes:

  • 20% of respondents faced a security breach as a result of a remote worker.
  • 24% had to spend money unexpectedly to resolve a security breach or malware attack following the WFH shift.
  • 28% admitted that they're doing work on personal devices more than they are on company devices.
  • 18% acknowledged that cybersecurity was not a priority for employees.

This study and others demonstrate that the shift to working from home has caused a surge in security vulnerabilities and breaches. And yet many businesses and employees alike remain oblivious to the increased vulnerabilities—and unaware of best practices for protecting their remote workers from cyber threats.

The $40,000 Email

A small business hires a new Chief Financial Officer. Delighted with her new position, the CFO updates her LinkedIn profile and announces to her LinkedIn connections that she has a new position.

Cybercriminals notice her update and mount a sophisticated spear-phishing attack against her. They send the CFO an email that purportedly comes from her new CEO. “I am travelling,” says the email. “Please pay the attached invoice by wiring the funds to this account.”

She assumes the email is legitimate. She wires the money. Her mistake costs her employer $40,000.

Source: Kaspersky

Remote Work Security Risks

A number of factors are conspiring to make working from home a prime target for cybercriminals.

Unsecured Home Network Setups

For one thing, home setups are often unsecured. Workers access the Internet from home using consumer-grade wired and wi-fi connections. These connections lack the defense-in-depth safeguards of corporate networks, including VPNs, firewalls, and enterprise-grade antivirus solutions.

Naturally, many businesses are reluctant to enforce their corporate cybersecurity policies upon their WFH employees, which leaves these remote workers vulnerable to breaches and compromise.

Device Management

Then there’s the issue of WFH employees using a mix of company-issued devices and personal devices to access corporate networks and work on sensitive documents. Some remote workers, for example, use their insecure smartphones to access corporate email and open and read attachments. This places them at greater risk of compromising their employer’s cybersecurity policies and safeguards.

Increased Distraction and Stress

A third threat that is perhaps unique to the global pandemic is distraction and stress. Many employees now working from home, particularly if their city is in some degree of lockdown, are facing greater stress, feelings of isolation and general unease.

Employees are suddenly working in close quarters with partners, homeschooling their children, and can become distracted throughout the day by the joint responsibilities and pressures of work and home life all under one roof. They simply don’t have the mental bandwidth to be hypervigilant about cybersecurity, making them prime candidates for phishing attacks, social engineering and other attacks that catch them unawares.

What all of this means for your organization is simple: If WFH is the future of work for your organization, then your exposure to WFH threats won’t vanish when COVID-19 does. You must prepare today for the growing cyberthreats of tomorrow.

COVID-19 Related Cyberattacks

Intruder email

"Someone was fooled by the email from the CEO and used his corporate card to send iTunes gift cards. We lost about $5,000."

150 employees

Sales order discrepancy

"The only reason we caught it was that it was a 6-digit sales order, and our sales orders are a 7-digit number."

250 employees

Phishing attack

"They got someone’s password, and sent an email to our CFO, who sent a $40,000 wire transfer."

150 employees

Source: Forrester Research study commissioned by Microsoft.

How to Take Action

Protecting your organization against WFH cyber threats involves your people, your platforms, your policies, and your processes. You must take a step-by-step approach to ensuring that you protect your networks and your data using WFH best practices.

Here are some practical tips for discovering your security situation, evaluating your security posture for your remote workforce, and deciding what you must do to fill in any gaps.

Step 1: Document Where You Are Today

Start with an audit. You can’t get to where you want to be tomorrow without knowing where you are today. So, get out a pen and paper and start documenting where you are right now. Here’s what you must audit.

Plans, Policies and Procedures

  • Cyber-Incident Response Plan. Does your organization have a documented Cyber-Incident Response Plan? If so, when was the last time you updated it? And when did you and your team last go over it together?
  • Cybersecurity Policies and Procedures. If COVID-19 hasn’t changed your cybersecurity policies and procedures, it should have. Look for gaps that indicate your exposure to work-from-home cyber vulnerabilities.
  • BYOD Policy. If you allow your employees to bring their own devices to work, and if you have that permission documented in a BYOD Policy, is that policy still accurate, now that employees are using devices at home that your current policy may not cover?
  • Remote Working Policy. If you had remote workers before COVID-19 hit, you likely have a documented remote working policy. Now that a larger percentage of your workforce is working from home, is that policy still accurate and comprehensive enough to reflect the current situation?
  • IT User Policy. You likely have a policy that governs acceptable uses of company-issued computers and devices. But is your acceptable use policy still relevant now that many of your workers are using their work computers at home? Plus, have all your WFH employees signed it?

Training

  • Security Awareness Training. Does your cybersecurity training reflect the new WFH reality? If your organization is typical, most of your cybersecurity training concentrates on best practices to be used within the four walls of your corporate offices. But what about training that includes the new cyber threats your staff are facing at home?
  • WFH Employee Awareness. Are your WFH staff aware of the increased threats posed by unsecured home networks, personal devices, phishing attacks and more? If you have not conducted any new or refresher training since the pandemic hit in 2020, your staff are likely in the dark, unaware of the threats they (and your corporate networks) face.

Compliance

  • Security Standards. Are you subject to ISO 27001, NIST, CMMC, FAR/DFARS, HIPAA, CJIS, FINRA, or other security standards? Are you in compliance with those standards? Have those standards changed since COVID-19 arrived and your security posture changed?
  • Data Privacy Regulations. Are you subject to GDPR, CCPA, PIPEDA or other data privacy regulations? Have any of those regulations changed in recent months to reflect the new reality of work from home? Plus, are you in compliance today?
  • Supplier Policy. Your suppliers may present a weakness in your cybersecurity defenses. If you operate an ERP, supplier portal or other system that gives your suppliers access to your remote employees, and vice versa, have you checked that your suppliers meet your standards for WFH security?

Testing

  • Vulnerability Scanning. When did you last conduct a vulnerability scan of your corporate network? Are you testing your networks frequently enough? Do your tests reflect the kinds of attacks that cybercriminals are mounting after breaching work-from-home employee accounts?
  • Firewall Configuration Review. Is your corporate firewall configured to reflect the latest WFH threats? Have you reviewed your firewall configurations recently, and tested their validity and effectiveness?
  • Remote Access Security Review. If you have remote workers, you have increased security vulnerabilities. If you have increased numbers of remote workers, you have increased numbers of vulnerabilities. Have you hunted for remote access vulnerabilities recently?
  • Phishing Assessment. One of the greatest threats you face is phishing and spear phishing expeditions conducted against your WFH employees. When did you last go on a white-hat WFH phishing expedition to discover how alert your employees are to these attacks?

Safeguards

  • Software. Some of the protections against WFH attacks involve people and training. Others involve software. Are your anti-virus and anti-malware software up to date, both on-premises and off-site, in your employees’ homes?
  • MFA. How are you protecting your networks and data against attacks that are made possible through the theft or loss of login credentials? For example, do you require WFH employees to use multi-factor authentication to access corporate networks?
  • VPN. Are you operating a Virtual Private Network that enables your WFH employees to send and receive data across shared or public networks as if their computing devices are directly connected to your private network? Do you require your WFH staff to access corporate networks through your VPN?
  • Encryption. Some threats come from portable devices (laptops) and removable storage devices (USB drives). Are you guarding against cyberattacks by insisting that all remote worker hard drives and USB drives are encrypted?
  • Storage. Do you prevent WFH staff from saving sensitive documents to personal devices, devices that can get stolen from homes and cafes?

Step 2: Decide What You Must Improve Immediately

Once you have audited your current policies and procedures, training, compliance, and safeguards, you will have a clear picture of where the gaps are. You are ready for remediation. Here are the things you should do first to ensure that you quickly gain as much protection as possible against WFH threats.

Secure Identity and Access

  • Passwords. Ensure that WFH employees are using strong passwords. Strong passwords are hard to guess, by humans and by computers. Require that employee passwords contain a larger number of characters, and contain a mix of numbers, upper- and lower-case letters, and special characters.
  • MFA. Employ Multi-Factor Authentication so that WFH staff need more than a simple username and password to log in to corporate devices, accounts, and networks.
  • Lost credentials. Protect against lost or stolen login credentials with MFA and self-serve password reset.

Secure Personal and Company-Owned Devices

  • Devices. Require employees to keep all work documents and data on company-owned devices.
  • Remote Desktop. Enable remote desktop access so that apps and data are no longer stored on WFH computers.
  • Storage. Limit the diversity of storage repositories available to WFH employees to limit the number of avenues of attack.
  • Apps. Prevent employees from using cloud-sharing applications that have not been vetted for privacy and security.
  • Operating Systems. Ensure that employees secure their devices based on best practices for their operating system, whether Windows or Apple OS.

Safeguard Confidential Business and Customer Data

  • VPN. Ensure that all WFH employees access corporate networks only through secure VPN connections.
  • Backup. Back up data on remote devices to guard against loss or theft. Don’t allow employees to back up data only to local devices in their homes. Insist that another backup is also made to a device outside the home.
  • Encryption. Encrypt email communication and all sensitive documents so that any data intercepted in transit by cybercriminals is protected.

Protect Your Users Against Cyberthreats

  • Training. Protect against accidental data leaks by training WFH staff how to recognize and avoid phishing attacks.
  • Spoofing. Defend against impersonation and spoofing by using software that protects WFH employees against these threats (Defender for Office 365, for example).
  • Malware. Deploy AI-powered malware scanning to detect malicious email attachments.
  • Web content. Guard against malicious web content by filtering for offensive, inappropriate, and dangerous content.

Securing Your Remote Workers Checklist

Ntiva’s Recommended Security Services For Remote Workers

Ntiva offers a number of services to protect your WFH staff, remote workers, corporate networks and data against cyberattacks. We recommend that you employ as many of these protections as your situation and budget allow.

Service levels: Basic, Better, Best

Multi Factor Authentication (MFA)
Passwords alone no longer offer adequate protection against cyberattacks, data breaches and fraud. Reduce password risk by making sure your employees are who they say they are when accessing corporate applications, regardless of device or location.

Ntiva technology partner: Cisco Duo
Included in: Basic, Better, Best

Phishing Prevention Training
Most security incidents start with a phishing attack aimed at employees. Managed anti-phishing training provides you with an automated monthly campaign that steadily increases your employees’ ability to recognize, report, and block attempted phishing attacks.

Ntiva technology partner: Cofense
Included in: Basic, Better, Best

DNS Filtering
You likely have a firewall, spam filtering and antivirus protection in place. But the sophisticated nature of today's cyber threats and the massive increase of home workers means this is no longer enough. DNS filtering adds an extra layer of security, blocking malicious or forbidden websites and applications so that they cannot be loaded on end user devices before these threats become attacks.

Ntiva technology partner: Cisco Umbrella
Included in: Basic, Better, Best

Cloud Backup and Recovery
Successful backup is an absolute must-have and is the foundation for true disaster recovery and business continuity. Old backup systems need to be upgraded! Today's up-to-date, hybrid solutions offer fast, full system restores, easy recovery of individual files, and full off-site data protection with instant failover.

Ntiva technology partner: Datto or Veeam
Included in: Basic, Better, Best

Vulnerability Scanning
Before you layer on extra security, it pays to do a comprehensive network scan for the kinds of vulnerabilities attackers target most, including missing security patches, insecure settings, and unneeded services. These findings are analyzed, prioritized, and addressed, closing loopholes before attackers can exploit them and setting you up for security success.

Ntiva technology partner: Qualys
Included in: Better, Best

Endpoint Detection and Response
Anti-virus software may protect you from the simplest attacks, but it can't protect you against sophisticated, modern hacking techniques. EDR uses powerful AI to stop attackers in their tracks—even when your devices are outside the office firewall—and is backed by a 24x7 Security Operations Center.

Ntiva technology partner: SentinelOne
Included in: Better, Best

Mobile Device Management (MDM)
If you have a team of home workers untethered from the core network, your standard desktop management policies will not apply. MDM solutions are used to monitor, manage and secure mobile devices, including laptops, tablets and smartphones, whether corporate or employee owned. This is another must-have for a truly secure mobile business environment.

Ntiva technology partner: Microsoft Intune and Addigy
Included in: Best

Intrusion Detection and Response
Today's modern IDR solutions monitor your network 24x7 for signs of attack before they happen. Necessary to meet most regulatory compliance requirements (NIST, CMMC, etc.), IDR consists of an automated threat detection system, skilled security experts who review these alarms, and remediation that happens in near real-time without interrupting your business.

Ntiva technology partner: AlienVault or Seceon
Included in: Best

Remote Work Security Resources

  • Remote Work Security Checklist (Remote Work Security Audit)
  • Ntiva Cyber Security Solutions Overview (data sheet)
  • Ntiva Managed Security Services (video)
  • Sample Bring Your Own Device (BYOD) Policy (template)

Guarding your networks, data and brand reputation in the age of WFH and remote workers means re-thinking many fundamental areas of your security posture. You need to re-think your BYOD policies, your acceptable use policies and other policies and procedures. You need to get a handle on the protections you currently have in place, and then take orderly steps to add security where needed.

During your journey, you may want to consider using the services of a company that delivers Managed Security Services.

At Ntiva, we build affordable, comprehensive cybersecurity solutions for businesses of all sizes, in any environment. Our in-house team of cybersecurity experts protect your data, help you meet compliance requirements, and give you confidence that your business is safeguarded against the cyber threats posed by WFH and remote work.

If this sounds like something you’d like to explore, read our Cyber Security Solutions Overview, or contact us today.
