The views of this article are the perspective of the author and may not be reflective of Confessions of the Professions.
Due to the events of the past few years, remote working saw a major surge. With this came several changes in operations, but many companies were able to adapt quickly. Then, as the stay-at-home mandates were lifted, a lot (but not all) of employees switched back to in-office work. There’s also others who have undertaken a hybrid situation where they spend some days in the office and the rest working from home.
While each of these set-ups has its own positives and negatives, one constant remains: the risk of cyberattack. What can organizations do to better manage security risks, regardless of where employees are working? Below are two examples of cybersecurity vulnerabilities that exist for those working at home, in the office or a combination of both, along with ways companies can address them.
There are numerous ways a cybercriminal may infiltrate a company. One of the top ways to breach data is through phishing emails. The good news is that there are several ways to prevent employees from becoming a victim of a phishing – or social engineering – attack. First, companies are advised to schedule ongoing training on detecting and avoiding these scams for all types of workers. There should also be regular reminders for employees who use personal devices or software when accessing the corporate networks to routinely update their cybersecurity measures.
Another vulnerable area also has to do with the human factor. Weak and unsecured passwords pose a major threat to an operation, whether the employee is at home or not. However, cybercriminals recognize some remote workers may be laxer in their security practices. As such, organizations should set policies regarding password strength and management. These policies might include banning the use of repeated passwords and personal information within credentials to further reduce vulnerability. Similarly, organizations should consider security solutions, such as an Authentication-as-a-Service platform, to better protect their networks from unwelcome access.
