How to ensure cyber security in a remote workforce?

The global pandemic has brought the entire world to a standstill forcing companies to allow their employees to work from home to ensure continuity of their business. While ensuring continuity, companies have embraced new technologies such as video conferencing, chat applications and tech support thus recreating the entire office atmosphere at home.

Every coin has two sides, and so with technology providing employees the ease of working from home there also lies a huge risk of vital information being stolen from a system.

Many small- and medium-sized companies and startups in India were not prepared for this sudden paradigm of working and have limited devices to serve the volume of work from home. Limited resources would mean employees using their personal systems and home Wi-Fi connection which may be connected to multiple other systems in the house.

This paves the path for cybersecurity risks and gives cybercriminals an opportunity to break into your office system. There are ways that we can evade these cyberattacks:

Maintaining cyber hygiene: To protect your company’s data and resources while working in a remote environment it is important that we maintain cyber hygiene in three fronts – strong passwords, network access and identity access management. Employees whether using the company system or personal should ensure that the passwords are not repeated from multiple devices to access your official email address or portal.

Passwords used by employees should be strong and unique, meaning, it has not been used before or currently is a password for any other account. Although, there is no password that can guarantee complete safety but it surely makes the job of a hacker difficult.

Securing the network access: Employees will be using their home Wi-Fi which could be connected with multiple devices such as smartphones, smart TV, laptops etc. In this case we should connect our system, data and applications using a virtual private network (VPN).

A VPN creates a virtual tunnel of encryption, which protects the data exchanged from the home network to the work network, making it unreadable to attackers.

Protecting sensitive documents: Vital documents shared through emails also pose a risk to intellectual property. To ensure the security of documents, companies should use digital rights management which adds a layer of protection to all our outbound document transfer.

Apart from securing, we can also decide the extent to which a document can be downloaded per user and the number of edits to a document one can make.

Mobile device management: Many-a-times unknowingly we forget to switch off the ‘Remember password’ dialogue while logging into work accounts and applications. The role of mobile device management is to gain a central control over email and applications, enhance employee productivity and protect them from malware and breaches.

Secured collaboration tools: Working remotely entails, brainstorming and strategy planning sessions will also take place on specific cloud-based collaboration tools. Organizations should make use of more secure collaboration tools such as Office 365 or Cisco Webex, which provide protection against data theft and exfiltration.

Separate networks for office systems: Employees may possess different IoT devices at home such as smart TV, smart speaker or smart switch. Connecting our work systems to a separate network will lower the risk of getting attacked. Most of the vendors do not secure them fearing slow performance and a poor user experience.

Once an IoT device is hacked it follows a chain reaction of other devices getting hacked that share the same network. One doesn’t need to have a separate router. The same router can be branched into small networks, called, subnets. One branch can solely be used for connecting the office system.

Necessity is the mother of invention. The breakout of Covid-19 is forcing the employees to work from home, gives organizations the opportunity to retrospect their existing security policies and procedures, so that they are well equipped to combat such cyberattacks.

• Shomiron Das Gupta
• The author is CEO, DNIF