Tech giants such as Apple, Facebook, Twitter, and Amazon, known for their large campuses and friendly office culture, are now embracing remote teams, possibly permanently. COVID-19 quarantine restrictions have transformed the day-to-day schedules of most people and has led to an array of problems that has united many. Data suggests that at the height of the pandemic, over 2 billion people found themselves under some form of lockdown, while over 7 billion people lived in countries with strict border restrictions preventing them from traveling or migrating.
And while we, as individuals, faced hardships caused by isolation and fear, businesses around the globe were faced with their own sets of problems—how to move their operations to the digital realm and keep them efficient while maintaining profitability.
The abundance of digital tools such as Zoom have certainly made the transition much easier. In theory, the only thing remote teams needed to do in order to continue operating relatively efficiently was to choose from a wide variety of apps and software according to their own preferences.
Suddenly, companies’ data centers, data servers, and cloud systems were being accessed either through personal computers or through company-issued devices but through insecure connections.
The trade-off between efficiency and security was the one many businesses were willing to make—after all, once the pandemic was over, everything would return to normal and all of the damage that has potentially been done would be reversed.
This, no matter how good it might sound, just isn’t true.
A recent cybersecurity report from Tata Consultancy Service found that the wholesale shift to operate businesses online has increased the risk of cyber attacks by an order of magnitude, introducing a wide range of new risks that most companies didn’t have to deal with until now.
Hackers and various other malicious actors have increased their activities during the pandemic, employing numerous different types of cyber attacks that aim both to extract data and money from unsuspecting users.
There has also been a significant influx of cyber criminals into the space—both Interpol and Deloitte noted in their latest reports that this could very well be the consequence of millions of people losing their means of livelihood due to COVID-related restrictions.
According to Haseeb Awan, CEO of Efani, a secure and private cell phone service, “Remote work is the future but 72.6% company CEOs have responded as under prepared for the transition. This has exposed not just the productivity drop but also security vulnerabilities since only 16.3% of companies are following security procedures.”
But how can we protect our businesses and our teams from the perils that seem to lie in every corner of the internet?
Firstly, those that manage remote teams need to understand what types of threats and attacks that can harm them are out there.
According to Interpol, one of the most common types of cyber attacks teams working remotely come across is malicious domains.
The huge increase in COVID-related domains showed that cyber criminals are creating thousands of new sites every day to carry out spam campaigns, phishing, or to spread malware. Malware, spyware, and Trojans have all been found embedded in interactive corona virus maps and websites accessed by millions of users daily.
Malware isn’t the only thing remote teams need to look out for—unwanted intrusions on video conference calls, denial-of-service attacks, identity theft, and harassment are just some of the things that affect the security of businesses working online.
Despite the impossibly long list of dangers, you can actually protect your remote team and your business from most of them. Here’s how.
Internet connection security
Office work usually means that we’re relieved from worrying about the technical issues that underlie our business practices.
Remote working, which usually requires working from home, means that tons of sensitive data rely on the often flimsy security of the home internet of your team.
The first line of defense for remote teams should be improving each of the members’ internet security. Something as benign as utilizing VPN services and switching to a more secure WiFi-protocol (WPA-2 instead of WEP) could drastically improve security.
While Gmail accounts of your employees might not contain information that could be of any significant value to a potential hacker, their office accounts certainly do.
As an additional layer of security, your remote team should employ better protection by introducing longer and more complex passwords for their business emails and other accounts.
“Companies should also ensure their employees aren’t reusing passwords, even if they’re secure hard-to-guess passwords” suggests Paul Sibenik, Lead Case Manager at CipherBlade, a blockchain investigation agency that investigates data breaches and hacks frequently.
Using a password manager such as 1Pass, Dashlane or LastPass and securely holding the secret key offline is a much better solution, as a password breach may still occur at some point resulting in the password becoming compromised.
Importantly, Paul also suggests “If security is important, a secure additional authentication layer should be considered a necessity. However, companies should be cognizant of how this second authentication layer can become compromised by an external actor.”
Paul goes on to state “SMS 2FA is an extremely poor form of 2FA since it can be easily compromised via a SIM Swap. App-based 2FA like Google Authenticator and hardware-based 2FA like Yubikey are much better solutions.”
Loss of data
Cybersecurity doesn’t only mean protecting your data from hackers—it also means protecting it from your employees.
Either as a result of negligence or malicious attacks, the valuable company data you and your team hold could easily disappear or could be compromised. Paul suggests that many employees aren’t used to having to share data and all their work with others remotely; they’re used to being able to share data and communicating with other employees in person, which is no longer possible in a remote working environment.
To combat this often devastating problem, teams should always keep backups of everything they’re working on. For best results and security, cyber crime experts recommend keeping important and sensitive data stored independently from your system on an encrypted external hard drive.
Cloud backups like Google Drive or Dropbox can also be used for non-critical data.
Efficient remote working often means sacrificing attention to details to achieve maximum productivity.
However, the fast pace of online work can have devastating consequences if it leads you directly into a phishing scam. Hackers posing either as a legitimate institution or another remote worker could easily get your login information or bank details if not careful.
While phishing attacks can’t be prevented per se, a little attention to details could keep both you and your team safe from any harm.
Always make sure that the website you and your team are entering your information to is legitimate—check for SSL certificates, broken links, spelling errors, and domains. Emails with a sense of urgency that require your data or contain suspicious or broken links should be a cause for concern and, as such, transferred directly to the spam folder.
Not all attacks have to cause material harm—forceful intrusions of conference calls can put a strain on a team’s productivity, causing stress, anxiety, and delays. Some cases of Zoombombing have also commanded the attention of the F.B.I., rising to the level of hate speech and harassment.
While the platform has introduced a new Security option for users, this phenomenon isn’t only limited to Zoom. Chat apps such as Skype and Webex have also suffered from intrusions.
To keep your Zoom conference free of “bombers,” try using a unique ID for each call, instead of reusing your Personal Meeting ID (PMI). Using Zoom waiting rooms will create a buffer zone between your team doing the conferencing and intruders that want to join in. Also, ensure a meeting password is set.
When combined with invite-only meetings and allowing only your as the host of the meeting to share screens, these steps will make your conference bulletproof.
These steps can and should be taken even after the world recovers from the ongoing pandemic.