Potential security issues when employees work remotely

2 Mins read
remote work security risk

Remote work has become a trend over recent years. However, this year COVID-19 situation forced even those who were not ready to switch to work from home. It results in increasing business investments in new technologies like the Cloud and modernizing overall infrastructure to grow digital capacities.

The remote work is aimed to keep people safe, but what about the safety of your corporate resources?

Here we have gathered top security concerns coming from the remote work and solutions to them:

Remote File Sharing

One of the key constituents of work is internal files, that’s why companies optimize internal file management and remote access by introducing Distributed File systems. Along with that comes the risk of leaving private data exposed. 53% of companies left more than a thousand sensitive files accessible to all the employees. With the influx of simultaneous requests, the connection to remote files can slow down and lead to CPU overload in case of on-premise file sharing.

Solution: invest in such a cloud file server solution that would allow integration with Active Directory policies so that the principle of “least privilege” is used. Meaning that only files necessary for everyday use are accessible depending on the user role. Also, make sure to set up a proper monitoring system to see suspicious file requests and perform regular cleanup of inactive accounts to reduce the chances of their exposure.

Public Networks for Incoming Connections

Using public Wi-Fi networks with unencrypted connections increases chances of man-in-the-middle attacks when hackers may easily get access to your internal network by eavesdropping on the connections and alter the communication to the server to steal the session and get access to the internal network.

Solution: restrict corporate resources by VPN and introduce several authentication layers apart from login and password like 2FA and one-time passwords to protect your network from such attacks.

Suggested Reading: 15 types of cyberattacks you need to secure your business from

Personal Devices

Half of the remote workers are using their personal devices. This practice is called Bring-Your-Own-Device. Unfortunately, not everyone treats security seriously, making their PCs an easy source of downloading viruses. Older OS versions may trigger vulnerabilities like Blue keep in Microsoft Remote Desktop Protocol or get exposed to keyloggers fetching user passwords to get into the corporate system.

Solution: If you cannot afford to supply your team members with the pre-configured laptops, offer them proactive security audit done by your IT specialists to ensure the proper disk encryption level, setting up antivirus, and making sure that all the OS components are up-to-dated, and only licensed software is used on laptops. This will minimize the risks of hacking that comes from personal computers.

Brute-Force Attacks

Brute-force attacks, also known as password guessing, is also one of the hacking threats to your company. Unfortunately, many users still neglect cybersecurity rules and use insecure passwords that are easy to guess, like birth dates, maiden names, and phone numbers. Password databases that contain all common combinations are used to perform brute-force attacks trying to expose remote desktop protocol connections.

Solution: Set up Active Directory rules for using the maximum password age and history, so that users are forced to regularly change their passwords using new combinations, or even replace the passwords to passphrases, as the latter ones are harder to guess and implement account temporary lockdown after a certain amount of failed login.

Wrapping up

Remote work may be challenging both for the employees and business owners in terms of bringing changes to outdated security strategies. But skilled IT specialists can help to protect your internal resources so that your business feels safe in all its meaning during these times.

Leave a Reply

Your email address will not be published. Required fields are marked *

60 − = 50