By Ashraf Sheet
As companies across sectors encourage — and even mandate — that their employees work from home to protect themselves and others from the spread of coronavirus, IT professionals are tasked with the increasingly complex and challenging responsibility of cyber safety for employees’ devices and companies’ networks.
Individuals and organizations are likely to face increased cyber threats from malicious actors attempting to target weakened network security as a result of more people teleworking.
For organizations that already offer work-from-home options for all or many of their employees, their network infrastructure and institutional awareness are most likely prepared to protect them from outside cyber threats.
But for companies and employees where the option to work from home is new, it is important that IT professionals and individual employees take the steps necessary to prevent attacks.
Infoblox recommends that businesses in Saudi Arabia implement the following guidelines and best practices to ensure the security of their networks and corporate data while employees are working from home.
Develop and communicate clear and consistent cyber safety policies
It is essential that employees have clearly defined IT policies and protocols in place for working from home. These cyber safety guidelines should include, but are not limited to:
Making sure that employees use only approved devices to access and store corporate data, where possible
Mandating the use of strong passwords — at least 12 characters — when accessing corporate networks; and
Implementing multi-factor authentication — ideally with hardware tokens instead of text messages (which can be spoofed).
Leverage technological solutions for cyber safety
Companies most likely already have a robust security infrastructure in place to ensure the cyber safety of their corporate networks. With users increasingly working from home, the traditional corporate security perimeter has vanished and VPNs are often no longer necessary to get work done. Instead, employees are increasingly using cloud applications, many of which have not been vetted for security issues.
Network managers and security teams need to ensure that technologies used when working from home are ready and secure, including:
Ensuring that all corporate security products are patched and updated to the most recent version across users
Providing a fast, secure, reliable and easy way to protect users, enforce acceptable use policies and ensure business continuity
If they continue to use VPNs, ensuring that they are encrypted, updated and protected with strong passwords and 2-factor authentication
Increasing the monitoring of endpoint, email and remote access security events.
Educate employees about the increased risk of cyber threats
Above all, employers should make sure that employees are aware of the increased risk of cyber threats tied to the coronavirus pandemic and train them on how to avoid them, including:
Alerting employees to expect an increase in phishing attempts and other malware, and to not respond to any emails seeking personal, corporate or financial information
Reminding employees that malicious actors often disguise themselves using legitimate-looking email addresses and to verify a sender’s identity before clicking on a link in an email. Avoid clicking on links in unsolicited emails and to be wary of email attachments (for example, malicious actors are using fears of coronavirus to distribute the LokiBot malware)
Teaching employees how to make sure their work-from-home setup is secure and that WiFi and other devices are properly configured; and
Re-enforcing with employees the importance of reporting suspected security events.
As networks continue to be more decentralized and more employees take advantage of the benefits of working from home, securing networks from malware and other cyber threats will remain a challenge. Emphasizing and implementing these cyber safety best practices for working from home will help IT managers ensure that corporate networks remain cyber-safe.
— the writer is regional director, Middle East & Africa at Infoblox
