It has been more than a year since many employees started working from home (teleworking), and what used to be an exception has become the norm in many sectors. After almost 12 months, employees may believe that they have mastered telecommuting. Similarly, companies and their IT teams may believe they have mastered remote work management.
However, while many say practice makes perfect, the reality is that practice only makes permanence, and this applies to bad computer habits that many home-based workers may have adopted over the past 12 months, such as repeatedly logging in. to your company network from insecure devices and networks. As restrictions continue to ease, companies that continue to allow telecommuting or adapt to hybrid work models may find that employees choose to work outside the home using unsecured public networks, such as those available in coffee shops.
With this in mind, companies need to ensure that employees are educated in security best practices, reducing the chances of IT vulnerabilities being exposed. The latest research from ManageEngine shows that IT teams said effective user training and knowledge management was the biggest challenge from the first shutdown, so it’s clear there is still work to be done. So ManageEngine offers several actions that IT teams can take and recommend to employees to help prevent vulnerabilities.
Share the risks of open Wi-Fi networks.
The use of work devices on open Wi-Fi networks and access to company networks via open Wi-Fi should be prohibited as part of company policy, and IT teams should ensure that they do so. Communicate regularly to employees.
Network connections on public Wi-Fi networks do not require authentication, giving hackers easy access to insecure devices on those networks. Hackers can even stand between an employee and the connection point, giving them access to all the information the user is sending over the network, such as sensitive emails and security credentials. With this information, the hacker can access the organization’s systems by posing as an employee. Hackers can also use unsecured public Wi-Fi networks to distribute malware to devices using the network.
Suppose company policy allows users to work in public spaces where they normally connect to an open Wi-Fi network. In that case, employees should only connect to corporate networks through their access points, which should be configured as undetectable so that the connection remains private. Employees should also be encouraged to use a virtual private network connection when connecting to public Wi-Fi, as this will provide strong encryption of employee data. They can also select the “Always use SSL” option in their browser settings to help keep their connection secure and safeguard their data.
Ensuring the standard remote working operating procedure.
When employees work outside of company premises, standard password policies should be applied and regular communication to ensure they are up-to-date on security protocols. Users must be kept informed of the latest iteration of password policies, which an IT security administrator should recommend. Reminding users of these policies frequently will help keep primary networks safe and encourage good password habits.
Two-factor authentication should be implemented wherever possible on all systems, programs, and devices. Employees should be encouraged to use long and complex passwords. According to a Bilendi survey, 59% of users still use the same password for most online accounts. Almost half answer security questions truthfully, and extremely simple passwords are the order of the day. A 12-character password has been reported to take 62 trillion times longer to crack than a six-character password. Using a combination of uppercase and lowercase letters, numbers, and symbols will also reduce the chance of hackers guessing their way into a user’s account.
Many organizations require users to regularly reset their passwords, but this can negatively impact productivity and place an unnecessary burden on customer support services. A recent study revealed that 30 percent of people find resetting passwords very stressful. According to Gartner, between 20 and 50 percent of annual help desk requests are for password resets, and the average MSP serving 1,300 users spends nearly $ 10,000 a year handling password reset requests.
Although periodic password resets are important and useful, account security must be strengthened by other means, such as using tools that support mobile device management, privileged access management, and remote password resets. Log monitoring tools can also be implemented to detect abnormal login activity on accounts.
Allow the only login from secure devices.
When working remotely, it is more difficult for employees to get the IT team to solve any hardware problems. With no company backup devices available out of the box, users are likely to switch to a personal device if they have problems with their work device. In this scenario, companies face the same problems that they might encounter if they have a “bring your own device” (BYOD) policy in the workplace.
Most of the time, personal devices lack an adequate level of security compared to company-supplied devices. Employee devices may have outdated antivirus software, contain known vulnerabilities that have not been patched, or be infected with malicious software. A keylogger, for example, can allow a criminal to steal a user’s login details in a single-use.
The IT team should have a preventive procedure that enables users to quickly have a secure backup device in place in case of hardware problems.
Not only do employees need to be educated on the dangers of using insecure devices on corporate networks, but the IT team must have a preventive procedure in place that enables users to quickly have a secure backup device in place in the event of hardware problems arise. A strong BYOD policy should also be in place to safeguard corporate data on personal devices. It must indicate the type of personal devices with which employees can work, which employees have the right to use those devices and the corporate data they can access from them.
Organizations can optimize personal devices in line with their BYOD policy by implementing mobile device management (MDM) software. An MDM solution enables an organization to create its application catalogue, which can help minimize vulnerabilities on employee devices. In a work-from-home scenario, an MDM tool helps IT administrators remotely solve or troubleshoot problems in real-time. Monitoring device content, keeping operating systems up-to-date, and deproviding an employee’s device when leaving the company can also be easily accomplished by implementing efficient MDM software.
Not all habits are bad.
Although the bad habits mentioned above should be actively discouraged, repeated behaviours can be helpful to the IT team when it comes to understanding vulnerabilities and figuring out how to resolve them. By applying a machine learning process known as User and Entity Behavior Analysis (UEBA), the IT team can continuously monitor user and device activity. This enables the IT team to develop a baseline of regular activities to measure user and device behaviour to detect anomalies. Once an anomaly is detected, the IT team can investigate the unusual behaviour and educate the user who triggered the event or prevent an attack in progress. This can be as simple as setting a “
IT teams must take action now to ensure that employees are trained on best cybersecurity practices and regularly reminded of security policies.
Given the uncertainty that looms regarding when the restrictions will end, what is clear is that the future holds more remote work, even when normal life resumes. That’s why IT teams must take action now to ensure that employees are trained in IT security best practices and regularly reminded of security policies. Monitoring behaviour and identifying anomalous activity can help prevent unauthorized access by bad actors, but this can be challenging without the right tools. UEBA automates much of this task for the IT team, and it will be increasingly valuable in keeping business networks secure, regardless of where employees connect.