Businesses are adapting to a new world, where working remotely is a necessity for safety and continuing to stay productive. Remote work has major implications for security, both because home networks and systems tend to be less secure, and because the threats targeting remote workers are significantly on the rise. In the last couple of months, since the coronavirus pandemic began to hit, we’ve observed, and other researchers have documented, a 667% increase in attacks. These attacks include phishing, malware, remote hacking efforts and related threats.
With novel coronavirus (COVID-19) creating more demand for companies to facilitate remote work capabilities for employees, security must be carefully managed. A number of new threat trends are specifically targeting remote workers, including phishing, malware, directed attacks on home networks and more. We have compiled this list of best practices and configurations to avoid to assist your company in managing its remote workforce and maximizing security resilience as a follow-up to our article about preparing your business for remote work. In addition, please review our cybersecurity presentation for SMBs: risks, trends and best practices.
The COVID-19 pandemic is creating significant disruptions in business operations. Wherever possible, we strongly recommend that businesses put continuity plans in place to facilitate remote work and collaboration for an extended period of time. As a part of these continuity plans we recommend ensuring that remote workers are able to conduct their business securely, and that functionality is tested before going in to production.
Many businesses tend to underestimate their cybersecurity risks, and as a result, make themselves appetizing targets for malicious hackers, malware and other problematic activity.
Cybersecurity is a critical part of every business’ operational durability. Without attention to it, an attack can be crippling. We recommend business owners and managers view cybersecurity as an investment, rather than a sunk cost, as it pays in dividends of business continuity and resilience.
Microsoft engineers recently presented research at the RSA security conference indicating that 99.9% of compromised accounts aren’t using multi-factor authentication (MFA). This statistic alone illustrates the enormous potential for MFA to mitigate account breaches when passwords are either guessed or exfiltrated.