Kaspersky names remote workplace threats, shares top security measures
March 2020 by Marc Jacob
As additional security measures are put in place by governments and organisations worldwide in an effort to slow the spread of COVID-19/coronavirus, employees are increasingly forced to work from home. This rise in remote workers brings to light the potential cyber risks involved. Kaspersky experts reviewed potential cyber threats and explained how to protect employees at their remote workplaces.
While remote work usually brings a lot of advantages – from more flexible schedules to increasing the appeal of an organisation as an employer for generation Z—extra security measures always need to be considered, and in the midst of rather urgent transfers to work-from-home mode, it is not easy for organisations to take into account all risks involved. Once a corporate device is taken outside of a company’s network infrastructure and connected to new networks and Wi-Fi, the risks drastically increase. Ransomware, malware infections and corporate espionage are among the threats that need to be considered at all times, but especially, in cases of remote work as insecure Wi-Fi and 4G or 5G connection amplify the risk of infection.
Other risks include the use of personal devices for work purposes, a process that is more likely to take place in conditions of remote work. The popular ‘bring your own device’ approach, which allows employees to use their own devices at work, has been adapted by many companies and brought additional risks to corporations. Phishing via consumer sites can easily infect devices, and, personal devices are also more likely to have outdated software – with potentially unpatched vulnerabilities. Lastly, decentralised IT control and difficulty in tracking and securing devices make the security system more vulnerable.
Here are some tips to help businesses fill possible gaps in IT security and be prepared:
1) Ensure your employees have all that they need for secure remote work and know who to reach out to in case of problems with IT and IT security
2) Schedule basic security awareness education for employees – it can be done online and cover essential practices for passwords and accounts, email security, pc security, and web browsing
3) Take data protection measures: switch on password protection, encrypt devices and complete data backups
4) Ensure all devices, software, applications and services are up to date, and keep them updated
5) Install proven protection software, such as Kaspersky Endpoint Security Cloud on every endpoint, including mobile devices, and switch on firewall. The protection product should include protection from web threats and email phishing.
6) Double check mobile device protection: it should have anti-theft capabilities enabled, such as remote device location, lock and wipe of data, screenlock and password, andFace ID or Touch ID; enable application control to ensure that only white-listed applications are installed