With the recent dramatic rise in home working as a result of the worldwide Coronavirus Pandemic, it’s vital that organisations take swift and decisive action to protect themselves from cyber threats.
For many organisations, the seismic shift in employees’ working routines and the rapid transformation of organisations’ IT infrastructure have opened up swathes of security vulnerabilities that hackers are actively exploiting. The old adage that change means opportunity has sadly never rung truer than for the opportunities that have now arisen within easy reach of cyber attackers. The vulnerabilities are not ethereal and intangible. They can be simply categorised into home computers and home networks; the most potent vulnerabilities are summarised below.
NO CORPORATE FIREWALL - The firewall performs a simple yet critical role. It sits between computers and the internet, protecting computers from malicious external attacks. Home firewalls, if present, are not comparable in protection levels.
NO WEB FILTERING - Companies typically have network-wide controls preventing users from visiting malicious websites, links to which often arrive in phishing emails. It is rare for sophisticated filters to exist on home networks.
SHARED NETWORK WITH HOME DEVICES - Home networks support many different devices in a typical household, ranging from an Amazon Alexa to an internet-enabled toaster to a child’s tablet PC. These devices have their own vulnerabilities, and once one is exploited, malware could spread beyond the device and onto an employee’s computer used for work.
NO SECURITY CONTROLS - When contrasted with corporate computers, the home computers that employees may have transitioned to for their day-to-day work frequently lack encryption (protecting the data on the device if it is stolen) and good quality antivirus (the final layer of defence against malicious programs).
SOFTWARE OUT-OF-DATE - Without a centralised method of ensuring Windows and Macintosh operating systems, alongside regular software programs such as Microsoft Office and Adobe Photoshop, are continually up to date, many home machines will be left with vulnerabilities that are known and published, often on the dark web.
NO VISIBILITY - If a computer belongs to a home user, organisations likely wouldn’t even know it exists. The consequences of this are significant: organisations lose data sovereignty and cannot ascertain where their corporate data resides or their level of corporate risk.
Fortunately, there are steps that can be taken to mitigate these without moving mountains; in fact, a relatively small amount of work can make a massive difference. These steps are outlined below.
- Attain total visibility of your company environment: understand where the computers that access your corporate data and systems are, and who they belong to.
- Roll out your corporate antivirus, an encryption solution, cloud patching and device-layer DNS protection to all computers within your environment.
- Enable and enforce two-factor authentication on all company critical systems such as email, filesharing and accounting platforms.
- Monitor all of this on a continual basis to ensure the company remains secure.
Please note, this content is not produced by the IoD and therefore does not necessarily represent the views or thoughts of the organisation.
ThreatAware is offering IoD members free access for 60 days to its unique cybersecurity management platform, helping you to find and secure the computers of remote workers within your network and organisation. Within an hour of signing up, your organisation will gain deep visibility into any computers that are accessing corporate data and systems, and can swiftly secure them to guard against the recent rise of cyber-attacks amidst the perils of home working.