The outbreak of Covid-19 has completely shifted how companies operate. Organizations have had to quickly adapt and implement new work-from-home policies to keep their employees safe and productive. While remote working comes with flexibility and better work-life balance, it also poses several IT security challenges. With a significant number of employees in the UK working from home, it makes company networks and devices even more vulnerable to cyber-attacks. The recent Annual Report from the UK’s National Cyber Security Centre highlighted an increase in unscrupulous activity, with more than a quarter of these incidents related to the pandemic.
With remote working being the norm for the foreseeable future and cybersecurity threats emerging and evolving every day, it is vital that businesses are equipped with document management tools that offers the best security protocols. Business continuity relies on employees being able to work safely, anytime and anywhere.
The common security pitfalls
There are several common security risks of a remote workforce that must first be identified. One regular risk for businesses is employees who connect to an unsecured home or public Wi-Fi, as both expose the user to malicious attacks. Offices often provide more complex security measures and protocols, such as firewalls and data protection tools.
Ransomware, a type of crypto virus that encrypts a file and enables criminals to demand payment for decryption or unlocking, is also a major threat to remote working. Cybercriminals have taken advantage of the pandemic and are using Covid-19 as a ruse to send ransomware into an organization’s or user’s network. The NCSC Annual Report also discovered an increasing trend where criminals are no longer just simply withholding data, but are also threatening to leak it publicly unless the victim pays the ransom. For example, the most frequent “information” or “news” being sent out are about the Covid-19 vaccine, medical equipment and government economic assistance. Typically, such attacks are carried out using a trojan infiltrating a system by means of a preceding phishing attack.
In addition, cybercriminals are also exploiting the situation to trick people into sending private and sensitive information. Known as phishing attacks, they can come in many forms, such as emails and text messages, that supposedly contain important news about Covid-19 and encourage people to click on an attachment or link.
Considerations for businesses
To address the security issues of a remote workforce, organizations can implement a document management solution which can help manage processes in a number of ways. With the right solution, businesses can explore protection against both deliberate and accidental security breaches, access control and protection, and data mismanagement.
Restricting document access is one way of doing this. By ensuring that employees can only access documents with a unique username and password not only provides greater control, but also transparency around which document was accessed, by whom, and what actions were taken. Additional security can be reached by using Single Sign On authentication for employees, leveraging identity protection or MFA authentication of the SSO-provider. In the document management solution, it is also possible to restrict access to a document based on that document’s index data, which are the key points of metadata used to describe a document’s content and purpose, so that the right people have the correct level of access to different documents.
Additionally, the treasure chest of data should always be protected. One key element to working remotely is being able to access and store important business documents, such as invoices, contracts, creative materials and HR records, securely – at any time and from anywhere. Unsecured data traffic, or components with HTTP, would leave systems vulnerable for attacks and allows hackers to intercept sensitive data such as passwords and finances, due to lack of the TLS/SSL security layer. To avoid this, all traffic between employees computer and the document management system must be encrypted with secure HTTPS (such as TLS 1.2).
Aside from selecting a scalable document management solution and benefitting from correct security protocols and system protection measures, training for employees is also vital. A recent report by Verizon found that one in five data breaches occurs due to human error. Businesses must meet compliance standards by training employees regularly on how to handle sensitive information and deal with social hacking and engineering attacks so that networks and systems are protected, and a secure environment is maintained.
Future-proof the home office
Even with the best corporate security measures in place, business must also better inform employees on how to protect themselves at home. -
Additionally, employees must also install safeguards, such as firewalls and anti-virus software at home (as described in their companies policy). Crypto viruses can embed themselves in documents and deliver their payload when opened on a user’s local device. Installing the appropriate software and tools will protect the user against most of these attacks and ensure that neither the user’s local environment is not threatened. Also, investing in a password manager enables employees to safely store long and complex passwords that are much harder to uncover.
Ensuring employees always use a Virtual Private Network (VPN) can protect their privacy at home and on the road, as it creates a self-contained network used for encrypted or anonymous communication and data transmission via the internet. Finally, making sure employees feel comfortable dealing with security risks at home is essential. They need to know when to flag potentially harmful emails, and who they can escalate the matter to.
Security for now and the future
At the beginning of the year, companies witnessed their workforces go remote almost overnight. Where they had the protocols in place to securely and efficiently protect their employees in the office, they suddenly had hundreds and even thousands of new offices to protect – the employees’ homes. Through identifying the potential risks, and putting key security protocols and software in place to manage their data, organizations can continue with minimum disruption throughout this pandemic and beyond.
Dr. Michael Berger, President, DocuWare