Businesses are facing ever-greater cyber threats, and teleworking is exacerbating these risks. Julien, System and Security Administrator at Tixeo, gives us his advice on how to make teleworking (and teleworkers!) more secure.
Why do companies need to improve security when teleworking?
It’s no secret that cyber threats have been on the rise for several years now. They have even increased since the pandemic and the geopolitical upheavals. Companies of all sizes are affected by cyber attacks today. And the expansion of teleworking has not helped.
IBM’s recent “Cost of a data breach” report even indicates that when teleworking is a factor in a computer attack, the cost to the company increases by almost 1 million dollars, compared with an attack without this factor.
What are the cyber threats of teleworking?
By definition, teleworkers work from home. The employer therefore has limited control over the teleworker’s environment and usage, particularly with regard to the home Internet connection. However, the Wi-Fi network is a primary cyber threat when teleworking. If access to it is not protected, the data on the connected device may be exposed.
Furthermore, when teleworking is hybrid, employees are often required to travel with their work equipment. Here again, connection to public Wi-Fi networks is problematic. There is also a greater risk of equipment being lost or stolen.
Finally, the resurgence of cyber-threats such as phishing and ransomware can do more damage to teleworking employees. On site, the slightest suspicion of a computer attack is discussed in open space. If they are isolated, teleworkers are likely to be less vigilant in the face of one of these cybersecurity risks.
What needs to be secured when teleworking?
There are three main elements to teleworking safety. Firstly, the teleworking workstation must be protected. At Tixeo, teleworkers’ hard drives are encrypted. This limits the risk of data being compromised, if the device is stolen while on the move for example.
Teleworkers also need access to resources hosted on the company network from home and when they are on the move. Setting up a VPN protects this access. When resources are available via a cloud system (preferably a sovereign one), MFA (or multi-factor authentication) securely authenticates the user.
Finally, protecting teleworking communications is a key issue. Employees use videoconferencing to discuss a multitude of subjects, some of which are confidential. Access to these exchanges can have serious consequences for businesses, in a context of constant cyber-warfare. The use of a secure videoconferencing solution is therefore highly recommended, to avoid zoombombing and computer espionage.
Why is it essential to raise awareness of cybersecurity among teleworkers?
Even with all the right security measures in place, the human factor is still the biggest vulnerability. According to the latest Verizon report, this factor is present in 74% of all data breaches. What’s more, 52% of cyber espionage attacks begin with “spearphishing” or “targeted phishing attacks“. This type of cyber attack specifically targets a company employee with access to sensitive information. It is generally based on identity theft and strong social engineering. The hacker’s aim is to send an e-mail that is consistent with the activity of the person or company targeted, as ANSSI explains on its website.
Teleworkers must not feel they are on their own when it comes to these issues. That’s why cyber security awareness campaigns need to be held regularly. They should be given a comprehensive IT charter tailored to their workstation, containing all the information they need on how to use the equipment they are provided with, and what to do if they suspect an attack. Finally, teleworkers need to be made aware of the increased risks of shadow IT. Shadow IT involves employees using software and applications that have not been checked and approved by the IT department. Shadow IT can lead to vulnerabilities on the workstation and, by extension, on the internal network. To avoid the inconvenience of shadow IT, IT Departments have every interest in examining the performance of the tools deployed and providing training in their use.
What advice would you give to companies on how to make teleworking more secure?
- Stepping up awareness campaigns aimed at teleworkers
- Facilitate support for teleworkers, in particular through software for remote control of workstations
- Intensify the security of mobile teleworkers’ workstations and their access to resources (VPN, MFA, Endpoint Detection & Response, Mobile Device Management, Disc encryption, etc.)
- Understand the uses of your teleworking employees and adapt security accordingly so as not to generate frustration and shadow IT
- Implement a secure videoconferencing tool to protect the company’s sensitive data and communications
Find out more about good practice in teleworking security in the white paper: discover all Julien’s security tips