Wed, 25 March 2020
Government, businesses and other organisations in the Middle East are increasingly encouraging home working in a bid to slow the spread of the Covid-19 coronavirus. While the measure is undoubtedly effective in flattening the coronavirus curve, the change brings cyber risks that need to be considered.
The experts at cybersecurity firm Kaspersky have shared their advice on the precautions to take when moving staff from the office to remote workplaces.
Transferring employees to work outside the office is a process that usually calls for thorough preparation: once corporate devices are taken outside a company's network infrastructure and connected to new networks and Wi-Fi, the risks to corporate information increase.
Maher Yamout, a security researcher at Kaspersky, said: “Many companies have already adopted a practice of regularly allowing their employees to work at home. The results have been quite positive and home-based employees do not portray any risks if the approach to their cybersecurity is comprehensive.”
“There are two major risks to corporate networks related to the home office: employees' usage of unprotected devices when connecting to the corporate network, and connection via insecure Wi-Fi and 4G/5G networks, especially for those who work from personal devices.”
The experts noted that the best practice would be to use a corporate device, instead of a personal one. They add that the biggest mistake companies could make is to consider an employee device insignificant and ignore the fact that it might be the entry point of a cyberattack.
Yamout explained: “A year ago, we assessed the cases of cyber incidents and found that a third of them started from employees’ own devices. In 34 per cent of cases, it was either a download of a malicious file from an e-mail or a website. The more potentially contaminated or unprotected machines are connected to the company's infrastructure, the larger the risks of infection. A vast majority of threats we see are not targeted, but come from mass campaigns that rely on human errors or holes in un-updated software, which means that they are not unpredictable and can be prevented.”
The researcher recommends that employers follow these basic precautions to minimise security risks:
1) Provide a VPN for all staff to connect securely to the corporate network; ideally to tunnel all the network traffic.
2) All corporate devices – including mobiles and laptops – should be protected with appropriate security software; for mobile devices, this includes, for example, allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, and restricting which apps can be installed.
3) Make sure you have implemented the latest updates to operating systems and apps.
4) Restrict the access rights of people connecting to the corporate network based on the need-to-know and least privilege principles.
5) Remind co-workers about basic cybersecurity rules: do not follow links in emails from strangers or unknown sources, use strong passwords, etc. Ensure that staff are aware of the dangers of responding to unsolicited messages. It is also essential to agree on rules of work: whether all questions are asked in protected chats and whether conference calls are made via secured channels.