Security risk factors for remote work without planning

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on whatsapp

According to a US survey, it is estimated that more than 300 million people worldwide are working from home due to the COVID-19 pandemic.   

A 2017 study points out that remote work increases productivity by 13%. It saves time, reduces absences, increases life quality, and so on. There are many benefits and, like any other technological solution, some risks.    

From February 1st through the first half of March, more than 300 websites with malicious domains using the term ”COVID-19″ in their URL were served up; some of these were used to spread malware and scams. The subject matter ranged from advertisements promising medicines against COVID-19 to news, andlll the websites, reportedly coming from legitimate organizations, such as the World Health Organization.   

The high flow of data along with the changing behavior of companies on a large scale can cause unwanted Cybersecurity risks for Organizations if the adoption of remote work security is not implemented.   

What if your company was not prepared, what should you do?  

VaultOne has put together some pointers to help you prepare a more secure home-office experience. 

Table of Contents

Points that should be covered in the security planning stage

1. Assess whether the IT structure for remote work ensures that employees have adequate devices and that access to corporate information is secure.   

2. Protect employee applications and devices: secure access to systems, adopt encryption, firewalls, and have response mechanisms in case of an attack.   

3. Have a Business Continuity and Crisis Management Plan that includes cybersecurity, convering contingency situations, reaction to unexpected events, and employee training.  

4. Make employees aware of the benefits and security risks that remote work can bring.  

Security risk factors for remote work without planning

  1. The use of insecure networkslike the user’s home wifi or an open network close to their home, can become a risk factor. The open networks can be intercepted, the routeritself can suffer cyberattacks, changing the DNS of the device, directing all the Internet traffic to the servers that the hacker controls. All these actions can lead to data theft.   
  2. The company may not have enough machines for all employees, instead authorizing the employee to use his personal computer.In this case, IT has no control over the device, leaving basic system security updates up to the user. Failing to update the device leaves the machine vulnerable to attacks, scams, and credential theft.
  3. Corporate devices can be stolen or lost, and data can fall into the ”wrong hands”.  
  4.  Shared resources (corporate e-mails, virtual disks, file servers) can be accessed by cybercriminals through remote access on the machine of the user who presented the breach; furthermore, they can spread malware throughout the corporate network. Therefore, remote access must be secure.   

Points that should be covered in the security planning stage

1. Assess whether the IT structure for remote work ensures that employees have adequate devices and that access to corporate information is secure.   

2. Protect employee applications and devices: secure access to systems, adopt encryption, firewalls, and have response mechanisms in case of an attack.   

3. Have a Business Continuity and Crisis Management Plan that includes cybersecurity, convering contingency situations, reaction to unexpected events, and employee training.  

4. Make employees aware of the benefits and security risks that remote work can bring.  

Step-by-Step for Remote Work Security

  • Always keep software and the operating system up to date   
  • Adopt a protection system (antimalware, firewall, antivirus)   
  • Control access to USB ports 
  • Apply restrictions that prevent users from downloading and installing unauthorized software   
  • Consistently backup data  
  • Use applications that allow remote wipe, allowing the network administrator to send a command that deletes the device’s data and informs the location of the equipment in case of theft  
  • Be aware of the links you receive and sites you access through mobile devices, social networks, emails. Check if the URL addresses are original   
  • Review the complexity of your passwords and, if possible, use the two-step authentication process   
  • Implement a password manager and access control  

How VaultOne can help

VaultOne directly accesses internal company resources without the need for VPN or VDI. With VaultOne, employees can enjoy all programs without compromising their machine’s processing power. The installation is fast and simple and can be connected to Google G Suite and Microsoft 365.

VaultOne meets all remote access needs, requiring only a network connection to provide access. In addition to providing secure access, VaultOne also features password management, PAM, and identity management within its platform.   

Talk to our experts today and increase the level of protection for your business.