Remote Work Challenges
The pandemic has sent many of us from our office to our homes to get the job done. Everyone has had to adapt quickly to a new normal and there have been multiple challenges. Distractions and technology challenges have led to growing cybercrime over the past six months.
If the pandemic pushed you out of an office workspace and into your home, your new working arrangement may be less than ideal. This could be anything from an internet connection that can’t keep up to family members in your workspace. These distractions, along with the overall stress of the pandemic, can leave employees less focused. According to a recent study of 1,000 US and UK workers, 58% of employees admitted sending an email to the wrong person and 10% lost their jobs because of it. More than a quarter of those surveyed admitted to clicking on a phishing link at work. Distraction, fatigue, brand recognition, and perceived legitimacy of the email were all factors in their decision to click.
To accommodate work from home, companies are using remote access services like Windows Remote Desktop Protocol. These services may have been configured quickly and, oftentimes, with lax security protocols so that workers can get their jobs done and the help desk isn’t overwhelmed with troubleshooting issues. Between weak passwords and a lack of multi-layer authentication, these remote access services are an easy target. Hackers recognize the opportunity and it has led to a major increase of RDP attacks.
Protecting Employees and Networks
What can we do to help employees succeed in these times? On the tech side we can implement a virtual private network (VPN). If that’s not possible and employees will connect to cloud-based apps right off of their home networks, enable additional authentication methods (multi-factor authentication) and monitoring on those cloud-based apps. Make sure work-issued devices are running up to date software and have a lock screen timeout. Make clear that work-issued devices should not be shared with others or used for non-work purposes.
Along with these technology and policy solutions, education is a key defense against cyber attacks. Now is the perfect time to remind employees of a couple of things: first, to take care of their health and well-being. No one can do their best work when they are working in less than ideal conditions and under high levels of stress.
It’s also a great time to recap the ‘why’ behind password requirements. When users understand that their weak password can be the entry point to the entire network, it can lead them to make better decisions around password selection and reuse. Also provide instructions on additional login methods.
And it’s always the right time to revisit phishing safety. Criminals are capitalizing on distraction and fatigue to phish employees. Remind them that sophisticated phishing attacks will appear legitimate. After all, phish are designed to compel you to click. If you are interested in exploring phishing tests in a safe environment, please reach out. We’d love to help.