Covid-19 (Coronavirus): Cybersecurity considerations for remote working
Posted on March 19, 2020 by Rob May
Understanding cybersecurity in COVID times is vital in order to keep your business well protected. As a Cybersecurity speaker, I’m constantly having a lot of different conversations about Covid-19, and how it impacts cybersecurity concerns. One question that comes up regularly is “What things (both from a cybersecurity and a technology perspective) should we consider with staff working from home due to the Coronavirus outbreak?” . To answer this, we’ve put together this blog to explain everything you need to know.
The basic building blocks that you need to be thinking about are:
- what, who and how are you connecting
- when do they need to connect
- is the connection safe and secure
If you allow remote users to connect to your systems there is always a risk. If their machines are not secure then, by default, neither are yours. Whatever access you’re giving and however you’re going to facilitate it, you need to be thinking about security and your human firewall. Your human firewall is both your best line of defence and also your biggest risk.
Cybersecurity in COVID Times
Cybercriminals are opportunists, and like any other event that can cause vulnerability, they are making the most of the effects of coronavirus in society. Find out more about cybersecurity in a COVID-19 world, and read on to find out what you need to do to keep cyber safe when employees are working remotely.
Access to machines
A common issue is that in the past employers have simply asked staff whether they are able to work from home, and have access to a computer, and have been told yes. The nuance with the current scenario, however, is that we need to consider what happens when an entire family is working from home. You need to know if all your staff have sole access to a machine.
If not, for some the solution is to allow staff to take their work machines home with them (laptop users probably do this anyway). If you’re doing this with a desktop you need to think about connectivity. Most home networking is Wi-Fi so you’ll either need a Wi-Fi dongle or consider long CAT-5e ethernet cable to run from the machine to the home router.
Remote access tools
An increasing number of digital applications are now cloud-based. This makes remote working a lot easier, but for any on-premise applications you are going to need to a remote access tool. Which tool you use will probably be decided on based on what your IT team/provider are most proficient at using, and your appetite to ease versus cost.
With increased remote users accessing an on-premise solution, you may face speed issues due to the size of your connectivity pipe. Many people have a larger bearer (the pipe that carries the service) than the service they are paying for. This is an ideal scenario as it is quick and easy to increase the speed of connectivity for your office.
Anti-virus for all users
One of the most important considerations regarding cybersecurity in COVID times is that a good anti-virus product needs to be used by everyone. For many businesses there is a quality anti-virus policy in the office, but no control over what people use at home. Consider a licensing agreement whereby home users are provided for under the office license agreement. This will allow you to ensure that everyone has good protection. Don’t allow users to use free anti-virus software.
Don’t be fooled into thinking that having a VPN provides you with all the security you need. Alone, that is not what a VPN does. A VPN is about providing privacy and a private connection, rather than a secure connection. A VPN is a private tunnel from a user to the main system, and it’s imperative that we take the security steps to ensure that the tunnel is secure at both ends. If not, cybercriminals can simply come through the tunnel and attack your systems.
Cybercriminals are making the most of the current environment of heightened fear. They’re using Coronavirus-related opportunities to attack users and their machines. There are a lot of cyberattacks and malware problems being delivered under the guise of either Covid-19 advice or as an interactive Covid-19 Virus Outbreak Map. Please advise your users to be aware of this and not be tempted to click on social media clickbait. Learn more about avoiding coronavirus scams.
Coronavirus-related spam is also booming now. In addition to the usual filtering platforms, you can reduce the problem by getting your mail domain and system administrator to lock down your generic email accounts.
Help safeguard a machine by paying attention to the local-admin account setting. The user account that someone uses on their machine should always be set to ‘standard’ and not to ‘local administrator’.
In the office your IT team should have this in hand but, at home, many users have a default local administrator account. What this means is that if the machine is compromised, a cybercriminal has full access to make changes and cause maximum harm.
To fix this problem at home, follow these steps:
- first create a new user as a local account (you do this under control panel and users)
- name the account admin
- change that user’s account type to be a local administrator
- select and change the normal user account type to be standard
Users should now use their standard account on an ongoing basis, only switching to the admin account when they want to make changes to their machine configuration.
You must give thought to what data remote users are generating and where it’s stored. This has an implication on your GDPR responsibilities as well as prompting thought about backup needs and requirements. Where possible, save to your corporate system/cloud solution and if not, you may need to consider a local backup solution such as rotating external hard drives.
Webcams and video calling
As more people work from home, we’ve seen more webcams being deployed. It is worth opting for a camera with a lens cover, or if a camera is not supplied with one add it retrospectively (they can be obtained easily and cheaply online). Most webcams have an activity light but it’s possible for malware to disable that. The internet will show you thousands of live feeds from hacked security cameras and you don’t want any voyeuristic crime in a home office.
One last thought, if you are asking staff to work from home who don’t normally do so, you might not have thought about insurance implications. It’s also important that you ensure that staff still comply with health and safety regulations.
Home working environment
Good advice to staff working from home is to make sure you create a suitable environment that protects you from postural risks, in the same way as you would at work. Make sure you sit at table of a suitable height, using a chair that enables you to comfortably use your keyboard and mouse, and allows you to rest your feet on the floor.
If staff need to take a monitor/keyboard home to work for long periods, employers should facilitate this. Business owners should ensure that managers are talking to their direct reports to ensure that they can work safely and securely. Find out more about creating a suitable working environment at home.
At a time when business leaders are forced to contend with all sorts of unforeseen complications, because of coronavirus, cybersecurity concerns might not be at the forefront. The truth is, cybersecurity in COVID times is a whole new ball game, and we all need to learn as time goes on. To maintain your understanding, take a look through our range of coronavirus and cybersecurity resources.