Criminals would rather get lucky than work hard and be smart. The rush to remote work during COVID-19 has given them lots of opportunities to be lucky. Many companies suddenly allowed nearly their entire staff to work from home. This decision was usually necessary but hasty, without any assessment of how this would challenge their IT security and without any training to employees on what they need to do to keep company data safe even when they work remotely.

The Risks and Challenges of Working from Home

For employees who haven’t worked remotely before, the habits needed to keep data safe are new, and their home computing environments aren’t set up with security in mind. While many will have a password on their WiFi network, thanks to their internet provider, they may not have turned on firewall features to block unwanted connections. Their personal devices may be out of date and vulnerable to attacks, and they may also lack antivirus software. If they share their home computers with other family members, corporate data may inadvertently be exposed. Documents may be shared via unapproved cloud services or emailed around.

There are also many distractions when working remotely, especially when schools are closed and children are home. These distractions may make employees more vulnerable to falling for phishing attacks; studies have found the number of these attacks went up shortly after the crisis began.

Providing Security to Employees Working from Home

To increase security for remote work, businesses need to train employees on safe computing practices and provide them with the security tools they need to secure access. Businesses should:

• train remote employees to recognize and avoid phishing scams
• teach remote employees general safe computing practices, such as strong passwords and avoiding insecure WiFi
• provide remote workers with antivirus software for their home devices
• provide a list of approved cloud storage services to eliminate shadow IT
• utilize VPN to secure connectivity to corporate resources
• use mobile device management software to secure access via cellphones and tablets
• offer help desk assistance to set passwords on routers

But businesses shouldn’t rely solely on training users and installing controls on their devices. Businesses should take a layered approach to security, which requires tools and processes in the data center as well. For example, DNS filtering blocks access to unapproved websites. Patch management to protect against zero-day vulnerabilities is critical due to the increasing number of attacks.

Prescient Solutions Layered Security Products builds this layered approach to security into our managed technology services. Including security awareness training, anti-malware, DNS filtering, and other technologies, it’s a comprehensive and affordable security solution for businesses where vulnerability has increased along with the growth in remote work. Contact us to learn how Prescient Solutions managed technology services with layered security products can keep your business safe.