2020 sparked a dramatic shift in working styles, technology requirements, and general business operations. In a matter of weeks, employees were working from home, and businesses had to contend with unprecedented security risks and cyberattacks. Now, even as businesses transition back to office life, many employees will either remain remote or adopt a hybrid working style and float back and forth between their home and corporate offices. Unfortunately, remote and hybrid work opens the door for increased cybersecurity risks. Using personal computers, at-home or public Wi-Fi connections, unencrypted communication channels and unprotected mobile devices leave room for cyber criminals to squeeze their way into your company’s systems.
In 2021, Tenable released a report that found that 80% of security and business leaders believe remote work has increased their organization’s exposure to security risks. Verizon’s 2022 Mobile Security Index also found that 45% of surveyed organizations had recently experienced a mobile-related security breach, nearly twice as many as the year before. In addition, 73% of these organizations described their compromise as “major.”
Businesses can’t afford to turn a blind eye to cybercrime. As the old saying goes, prevention is the best medicine. Understanding cybersecurity risks and best practices will enable you to defend your employees’ home offices (and critical information) from attack.
Why Are Home Offices Prone to Cybersecurity Attacks?
While remote and hybrid work styles have their share of benefits, they also leave the door open for cybercriminals to slip into your systems. According to Microsoft, cybercriminals use three main entrance vectors to access company systems and information: remote desktop protocol (RDP) brute force, vulnerable internet-facing systems and phishing.
Remote Desktop Protocol (RDP) & Server Message Block (SMB)
Most employees who work from home need direct access to their company’s systems. To accomplish this, businesses may set up an RDP or SMB protocol so employees can remotely tap into their office computers and connect to the Windows network. Unfortunately, without proper security measures, direct access to company systems can give cybercriminals a direct back door to your data.
Vulnerable Internet-Facing Systems
Many remote/hybrid employees access company data on personal computers and unprotected mobile devices. This is especially risky when employees use their devices on an easily-hackable home or public Wi-Fi network.
Phishing
Cybercriminals are experts at manipulating emails and messages to look like they are from reputable sources. In remote environments, it’s challenging for employees to recognize phishing emails – especially when messages look like they are coming from your company’s “IT department,” “management” or “coworkers.”
12 Best Practices for Protecting Home Offices
Protecting your company and employees from cyber attacks is an ongoing battle. As technology changes, you must continually adapt and adopt new security measures. To ensure your systems are safe, follow these 12 best cybersecurity practices for defending home offices:
Conduct an External Vulnerability Scan
A trusted security/managed services partner can conduct an open-source intelligence (OSINT) study to help identify all of your external resources. Armed with this information, they can conduct an external vulnerability scan that will crawl through internet-facing IP addresses to identify prominent security risks. After the scan, your partner will email you a link to look at your results and walk you through any potential risks.
Adopt Multi-Factor Authentication
Multi-factor authentication (MFA) is the “new and improved” version of two-step verification. Rather than relying on easily-hackable passwords, MFA looks at several factors to authenticate accounts. For instance, instead of sending a verification email to the address on file, you may receive a text message with a code to log into your account. Hackers would need access to both your email address and phone to bypass this security measure – making it an effective way to protect your accounts.
Ensure Employees Use Approved Endpoint Detection and Response (EDR) Systems
Your employees’ built-in anti-virus software may work fine for personal browsing, but when it comes to protecting your company’s information, they need a more robust solution. If you have employees working from home or using their personal computers to work outside the office, giving them access to your corporate EDR software will ensure their devices are protected.
Adopt VPN Usage
A virtual private network (VPN) provides employees with additional security when connecting to the internet. VPNs are typically built into your firewall and often have various layers of functionality to ensure anti-virus systems are working as expected and appropriate patches are installed before an employee can log in. In addition, a VPN will also encrypt the data sent back and forth between servers to ensure no hackers are accessing information as it moves back and forth between corporate and home offices.
Keep Systems Up-To-Date
Microsoft and other major software companies frequently update systems to ensure they are safe against the most current cyber threats. However, your company will only benefit from these security patches if your software is up-to-date. For the best protection, ensure all of your employees keep their devices updated and operating on current software models.
Set Up Secure Home Wi-Fi Connections
Home networks aren’t as secure as in-house, corporate servers. If your remote or hybrid employees use Wi-Fi networks that are also connected to smart TVs, gaming systems, home security systems and digital assistants, they may inadvertently open the back door for hackers to steal your information. To avoid this, encourage employees to set up a separate, isolated Wi-Fi connection that they only use for work (and that no one else has easy access to).
Be Careful When Connecting to Public Wi-Fi Networks
Like the last point, ensure your employees are careful when connecting to public Wi-Fi to do their work. When working in a public space, ask employees to connect to a personal hot spot. If this option is unavailable, they may connect to public Wi-Fi as a last resort – but only while using an approved VPN.
Strengthen Mobile and IoT Devices
As more work functions require mobile and Internet of Things (IoT) technology, ensuring these devices have as much protection as everything else in your tech stack is critical. Verizon discovered in its 2022 Mobile Security Index that 66% of respondents said they had come under pressure to “get the job done,” even at the expense of sacrificing mobile device security, and 52% had succumbed to that pressure.
Move Communications to Encrypted Channels
To navigate communications in a remote/hybrid environment, many teams have fallen back on the programs they use in their personal lives. Unfortunately, consumer-facing communications platforms are not as secure as encrypted programs and can lead to data leaks when sensitive information is shared via chat. To avoid this, encourage using encrypted channels over common chat platforms.
Train Employees on Security Best Practices
Getting your employees up to speed on cybersecurity policies and best practices is crucial in defending home offices against cybersecurity attacks. Communicate what to look out for, why following security measures is necessary and what to do in case of a security breach.
Adopt a “Zero Trust” Approach
A “zero trust” mentality is a cautious one. Following this principle means that instead of trusting every digital interaction or prompt, you verify it first. For example, instead of staying logged into the company network for long periods, encourage employees to log off when they step away from their computers. Similarly, if someone from the company sends an email requesting personal information, call that person first to verify the email came from them.
Don’t Forget About Contractors
When working with contractors or outside agencies, be sure they are also using secure networks and devices when interacting with your systems. In addition, be sure these workers only have access to the information necessary to complete their jobs. This is a critical step for contractors and employees of your organization. A marketing specialist does not need to know everything that goes on within your finance department and vice versa.
The Benefits of Working With a Cybersecurity Partner
Protecting your organization from the threat of cybercrime is a never-ending journey. In addition to the steps we laid out above, you must continually test your security measures and make adjustments as needed. Managing cybersecurity for an entire company (even small and mid-sized ones) is significant. Thankfully, you don’t have to do it alone.
By partnering with a certified, trusted cybersecurity partner, you can ensure your organization is protected on all fronts, all without the hassle of hiring a dedicated, in-house team. Contact us today to schedule a consultation and learn more about how a partner like Sikich can strengthen your security while easing the burden on your teams.
