Network User Behaviour: Does it support the case for home-working post Virus?
It will be interesting to see how many people will still want to work from home once the Covid-19 crisis passes and we return to the "old-norm".
Will the idea that working from home is such a great thing change? or will employees become even more convinced about the need for remote working?
I bet that shortly some tech companies providing HR and Employee Communications platforms will have all the stats on how productive staff have been during their imposed stint of remote working and how working from home should become a standard option at least a few days a week if not all the time.
But do regular workers really appreciate what goes on in the background to facilitate working from home and do we understand the pressure home working puts on a company's infrastructure and the stress it causes their IT team?
There can be little argument against the fact that our Cyber Security & IT Network Teams have been businesses equivalent of front-line workers since mid March.
It may seem like a simple enough exercise to set up an employee to work from home, and all IT teams work with staff who travel as part of their role.
However, this situation usually involves issuing a laptop with a pre-installed corporate image, a smartphone and access to the company network via a VPN.
They may also receive some basic overview on how everything works including 2 factor authentication.
Now, overnight introduce a global pandemic and the need to have all staff relocate to their homes for work, and the exercise becomes more complex.
Laptops need to be purchased (and there is a shortage as they are all built in China), imaged, secured and issued to staff. Training is on a best endeavors basis and cyber security standards suddenly take a backseat.
In most cases employees will only need access to very few corporate applications; Email, ERP and Communications tools, however problems for the IT teams arise when the employee gets confused regarding passwords and so changes their password to something easily remembered, (but also easily hacked) such as their "name_birthday" and now the home router they are using has the same password as their laptop.
No matter how secure the company is back at HQ its the old adage that the end-user is the real threat.
Each time a remote worker accesses their company network from home, they open up entry points for cyber criminals to exploit. If they have more than one device they will open up multiple entry points, especially if they are using personal equipment that has not been properly secured by their IT team.
There is no doubt that IT & Network Security teams will have experienced an incredible learning curve during the Covid-19 crisis and the knowledge they will gain will stand them in good stead for the future but they can only secure what they have control over and this may not include password strength, installation of unauthorised software, unsecured devices accessing the network and irresponsible user behaviour.
Since the emergence of the Corona Virus, cyber criminals have utilised the fear felt by people across the globe to further their criminal activities, there has been a dramatic increase of scams and hacking relating to Covid-19, there has also been increased targeting of home workers and the tools they use to access corporate networks. This onslaught of criminal activity has made protecting the workforce extremely difficult for IT Security Teams, especially when the IT team is also working from home and may not have access to the usual tool-set they use to protect their network.
Remote working may seem like an easy enough exercise for the IT team to organise but in reality it opens up many opportunities for cyber criminals to penetrate the network.
If employees are considering asking to be allowed to work from home when the Covid-19 crisis ends, they should at least make sure they were not responsible for any breaches during the crisis.
Employees can do their part to ensure the company is not breached because of poor online behaviour:
Update passwords and make them difficult to be cracked
Switch on multi-factor authentication
Think twice about clicking on any links sent in emails
Check all sites visited are secured
Do not "share" your work device with kids
Do not download any games or applications that may contain malware
Make sure all personal devices accessing company email are properly secured
Remote working can be a great thing for work-life balance but consider your share of the task of keeping the wider company safe and secure from criminals and by playing your part it will help the IT team to better trust their end users to behave in a secure manner when working from home.
At GuardYoo we support these Network Security teams by delivering Compromise Assessment Audits, we are working with clients to identify undetected breaches and provide forensic analysis to highlight what, where, how and when the breach took place
Our service is even more in demand now as Network Security teams are under pressure to maintain control of who is accessing their networks.
If you are suspicious that your network has been breached during the Covid-19 crisis, get in touch and we will work with you, within your means, to identify any hidden threats and will deliver forensic analysis around how the breach occurred.
To reach out you can email: info@GuardYoo.com or fill in the form on our Contact page.