How to protect your remote workforce from opportunistic cyber attackers

(Image credit: Shutterstock / NicoElNino)

The concept of working from home and remote workforces has been around and in practice for a while now, but recent global events have changed the game entirely, with many governments – including the UK’s – now urging citizens to dramatically increase social distancing measures. Indeed, the ongoing pandemic has driven entire offices to close and whole companies to work from home resulting in an unprecedented shift in the working landscape in just a few months. Organisations are having to rapidly adapt, and a vital consideration must of course be security, particularly given cyber attackers’ propensity for opportunism during times of crisis.

Unfortunately, distressed global climates and times of uncertainty are prime times for hackers to launch attacks and we can already see targeted coronavirus-themed phishing attacks in circulation. Therefore, it is imperative that organisations implement business contingency plans that prioritise protecting remote workforces from attacks. Securing a remote workforce, while also ensuring that productivity is not negatively affected, is a daunting task but there are several ways this can be achieved and considerations that should be made:

Step up authentication for password managers – Far too many of us remember our passwords by writing them down or by creating passwords so easy that we couldn’t forget them. For example, according to a review by the UK’s National Cyber Security Centre, ‘123456’ is the most common password. What’s more, recent research from Ponemon Institute has revealed 43 percent of IT security respondents say sticky notes are used to manage passwords in their organisations. This creates obvious security issues, given that these passwords could be found or very easily guessed by a bad actor. Remote workers or not, employees need a simple and safe way to create, store, and manage passwords. Hardware security keys integrated with enterprise-grade password managers are a good step to take in achieving this. 

[Ringcentral] Unlimited phone calls, audio meetings, video conferencing and internet fax, $34.99 per user per month

<a href="https://www.techradar.com/reviews/ringcentral-meetings" data-link-merchant="techradar.com"" target="_blank" rel="nofollow">[Ringcentral] Unlimited phone calls, audio meetings, video conferencing and internet fax, $34.99 per user per month
This is an all-in-one, cloud-based phone, team messaging, video conferencing that is easy to use and feature a transparent, all inclusive pricing with free 24/7 support. You get a 14-day trial without hidden costs and with an instant activation. US/Canada users get unlimited phone calls and unlimited SMS/MMS as well.

Acknowledging limitations of basic multi-factor authentication (MFA) – MFA methods are commonly used as an additional layer of security to business IT networks. Given that home networks are often less secure than business networks, MFA is vital in these new circumstances. The most basic examples are two-factor authentication (2FA) methods such as memorable words or SMS One Time Passwords (OTPs), but, while these do provide some increased security, they are still vulnerable to modern phishing and man-in-the-middle (MitM) attacks. In fact, phone-based attacks are increasingly common, with ‘SIM-swap’ fraud on the rise. Not to mention that the cumbersome process of inputting answers and passcodes doesn’t exactly fulfil the brief of increased security without hindering productivity. If OTPs via SMS are to be used, it’s therefore advisable for these to also be backed up by a separate, external authenticator.

Embrace superior multi-factor authentication (MFA). Doing away with passwords altogether and implementing more superior methods of MFA, such as a mobile authentication app or a hardware security token, is the most secure option that will have little impact on user security. New standards are offering security without the issues outlined above, for example WebAuthn, the first global accepted standard for web authentication and a core component of FIDO2. WebAuthn offers users multiple ways to authenticate, for example hardware security tokens or an app. This is especially important in the current global climate as it allows organisations to offer a degree of personalisation so employees can find an authentication method that works for them.

In these ever-changing times, it is increasingly important that organisations address security concerns head on and work to find measures that will keep remote workers safe. All the options presented here will increase security beyond the traditional password and username combination, so it is important that businesses find the method that works best for their employees.

John Gilbert is General Manager UK&I at Yubico

John Gilbert

John is General Manager UK&I at Yubico.

He is a proven and effective Sales Leader/Sales Professional with a consistent record of achievement over 25 years in the industry. Strong record in B2B Solution Sales, Relationship Management and Team Leadership at VP/Director level. Results oriented and new business focused, he has sold both Direct and through Channel Sales throughout the UK and EMEA using both strategic, tactical and what is now being championed as “challenger” sales methodologies. He develops strong, long-term and profitable customer relationships at both Operational and C Level and he enjoys the challenge of driving innovation, disruptive and “early adopter” sales cycles.