The decentralisation of workforces has been a growing trend over recent years, driven by advances in technological connectivity, local industry decline in retail and manufacturing amid increases in service-based offerings, and due to shifts in social dynamics and values in favour of greater work-life balance.
While there are many benefits to a decentralised, or remote workforce, it is not without risks and challenges.
This is particularly relevant as Australian businesses adapt their operations and workforce in response to COVID-19.
The sudden and significant impact of the global pandemic has required rapid implementation of new technologies, and changes to processes to accommodate an operating model that supports remote working. While many businesses have successfully adapted to the new environment, many are unaware and unprepared for the elevated and associated cybersecurity threats that endanger privacy, security and the protection of an organisation’s data.
When your staff are working remotely your cybersecurity risk changes. Cyber criminals prey on weakness and vulnerability, exposing businesses that don’t have the systems and processes in place to protect their data while its people operate remotely. In recent weeks and due to the current uncertain environment, there has been a rise in activity with cyber criminals actively using COVID-19 as an angle in their attacks.
Below are considerations to assist you and your organisation in addressing the increased security risk of remote working.
Increase your security awareness
Security awareness has always been important, but with the dramatic rise in internet and mobile communication technologies among businesses and individuals, there has also been an increase in phishing emails, fraudulent text messages and other scams.
To combat exposure, regularly communicate with staff regarding the implications of the increased risk, what to be watchful of, and how to report a cyber incident. In addition, a staff training program that is easily accessible, for example through video tutorials, will provide the necessary learnings to empower staff to avoid falling victim to cyber-criminal activity.
Phishing and scam messages often contain a sense of urgency, low or inconsistent or “off-brand” designs and grammar mistakes. These messages may also come from email addresses that look legitimate at first glance but are upon closer inspection fraudulent.
Implement multi-factor authentication
With staff connecting to business systems remotely secure authentication is vital to protecting your data. Cyber criminals will try to log into these same systems, often by using credentials they have stolen or guessed. To ensure only authorised staff have access to your systems and data it is important to implement multi-factor authentication.
The most common example of multi-factor authentication is text messages providing a unique numeric code that are sent when someone logs into a system. The numeric code must be entered as part of the login process. Multi-factor authentication is offered by a variety of vendors and often included in cloud subscriptions such as Office 365 or Google Cloud. In many cases implementation can be as simple as configuring phone numbers for all users and enabling multi-factor authentication.
Secure remote working environments
To access the tools of the trade such as email applications and cloud document storage, staff require an internet connection. While staff on physical office premises have access to a secure digital connection, remote workforces may not; using home or public WI-FI networks to get online. If a local Wi-Fi network is not secured correctly cyber criminals can access and download insights and data sent over the network. Staff should consider changing the default admin password of their home Wi-Fi router, disabling remote management from the internet and ensure they update to the latest firmware on their connected devices.
Additionally, staff may also need to print organisational information, some of which may be sensitive. Organisations should communicate to staff the importance of disposing of any printed material in a secure manner, for example through shredding. Depending on the content, privacy legislation and regulations may apply to these printed documents, only further increasing the need to dispose of these documents in a secure manner.
These simple steps can assist organisations to minimise risk of exposure to cyberthreats as they mobile their workforce and business operations in response to COVID-19.
For questions or more information about managing your security as your organisation and environment changes, contact your Pitcher Partners specialist.