Remote Work Security Risks: Top 10 Ways Companies Open the Gates for Cyberthieves

By Freed Maxick RAS Team on August 4, 2020

Did COVID-19 Expose Significant Weaknesses with Your Cybersecurity for Remote Employees?

In my last blog post, I discussed how COVID-19 has created new workforce models, and in the process, significantly increased the potential risk exposure of companies to cyber events.

Your company may have asked employees to work from home in response to COVID-19. That has created numerous new cybersecurity challenges as many businesses lack established practices, protocols, and technologies to enable a secure, remote workforce.

In this blog post, I’ll be focusing on remote employees and the need for companies to expand or strengthen their cyber defenses to include this now critical junction in their organization’s digital ecosystem.

Ten Indications That Companies Require Improved Cyber Defenses for Their Remote Employee Workforce

For your remote employee workforce model, there are ten or more common weaknesses or failures in your IT security infrastructure that need to be brought to light, planned for, and remediated:

  1. Weak, ineffective, and outdated employee training about cybertheft and your company’s cybersecurity policies
  2. Failure to restrict remote workers to use of company devices only for work-related responsibilities
  3. Failure to limit access to networks and systems that have nothing to do with employee responsibilities
  4. Failure to install and implement security patches, updates, firmware, versions, and virus/malware definitions
  5. Lack of, outdated, or inadequate network monitoring to identify where and how cyberthieves are attacking
  6. Failure to ensure that vendors are adhering to the same security standards as full-time employees
  7. Failure to monitor employee compliance with remote access policies
  8. Failure to enable and require multifactor authentication
  9. Failure to communicate between your organization, your employees, customers, and key stakeholders
  10. Poorly constructed or outdated cybersecurity response and remediation plans

While you should have a much deeper and broader assessment of your cyber defenses, if you are failing at, or pushing out for later, any of the above indicators, it is imperative that critical attention be committed to your IT infrastructure and the policies, processes, programs and technologies available to secure the strongest possible cyber defense posture.

Best Practices for Assessing Your Remote Work Security Risks

The Freed Maxick Cybersecurity Team is pleased to provide a complementary assessment tool, “Assessing the Impact of Covid-19 on Your Cybersecurity” that’s designed to help executives and managers – particularly those without a deep IT background – understand the risks your organization faces.

Part 2 of the Assessment, “Focus on Remote Employees” presents nine different categories and about 50 different criteria to facilitate a self-assessment of your remote workforce cybersecurity program.


These remote work cybersecurity best practices include:

Best Practices for Assessing Your Remote Employee Cybersecurity Program

Policies, Protocols, and Procedures

Your cybersecurity program should include assessments of policies and protocols for remote employees, including remote access, acceptable use, business continuity, disaster continuity, and more.

 

Employee Education and Awareness

A significant part of your cybersecurity program needs to focus on employee education and awareness of malicious acts such as phishing, remote access scams, and crisis scams, and on password strength.

 

Authentication protocols

Your program needs an assessment of authentication protocols, including multi-factor authentication, for remote employees and in-office employees accessing sensitive company information.

 

Less Secure Methods of Communication

Your cybersecurity program should include assessments of the degree to which you are implementing best security practices for protecting email, phone, and video conferencing communications for remote employees.

 

Secure Methods for File Transfer

For remote employees, your cybersecurity program should have policies and procedures covering secure file transfer and encrypted email.

 

Cybersecurity

Your cybersecurity program needs to include the assessment of its cybersecurity practices, including monitoring, access management and incident response for remote employees.

 

Server Management

For remote employees, your cybersecurity program should have policies and procedures for updates, patches, server maintenance, and antivirus/malware protections.

 

Desktop Management

For remote employees, at the desktop level, your cybersecurity program requires policies, processes, and protocols for desktop management, including full disk encryption, software updates and patches, and restrictions on downloading software or changing security configurations.

 

Operations Management

Several often-overlooked operations management items also require assessment while the workforce is remote, including load testing for remote access, change approvals, and equipment inventories.

Additional Resources and Information from the Freed Maxick Cybersecurity Team

Freed Maxick’s Cybersecurity Team provides remote work cybersecurity services to businesses of all sizes and types relative to monitoring, assessment and remediation of cybersecurity threats and incidents.

We are particularly well suited to help you with your cybersecurity concerns and issues related to the effects of Covid-19 on your entire digital ecosystem.

To learn more about what we do and how we can help your for-profit or not-for-profit organization, visit our website or contact Sam DeLucia, Senior Manager, at 585.360.1405 or Samuel.delucia@freedmaxick.com.
