Aspects of cybersecurity not to overlook when working from home

Just because your team has gone remote doesn't mean you need to be vulnerable to hacks, breaches, and scams.

women working on a laptop away from the office
Pixabay
  • Prior to the COVID-19 outbreak, many enterprises had yet to contemplate a mass work-from-home scenario and were therefore unprepared to support it securely.
  • There are practical steps you can take to safeguard confidentiality and cybersecurity with a WFH workforce.
  • Applying best security practices to test for vulnerabilities, supervise access controls and password management, secure connections, and apply endpoint encryption can go a long way.


Due to the novel coronavirus situation, billions of people are currently working remotely, many for the first time in their lives. It could be out of personal fears of infection, in obedience of local social distancing regulations, or in accordance with company-wide policies, but the end result is an unexpected shift from the norm of working in the office to working from home (WFH).

Managing a workforce that has been suddenly transformed into a remote one is challenging on many levels, not least because of the need to maintain cybersecurity standards. Prior to the COVID-19 outbreak, many enterprises had yet to contemplate a mass work-from-home scenario, and they therefore lack the policies, devices, or processes to support it securely.

What's more, in recent weeks, companies have been scrambling to preserve their security profiles in the face of an uptick in malicious actors seizing the opportunity to hack corporate systems. That's the bad news. The good news is that you're not powerless. There are practical steps you can take to safeguard confidentiality and cybersecurity with a WFH workforce.

Here are a few of the basics.

1. Set up a VPN for your employees.

laptop with VPN installed

Photo by Dan Nelson on Unsplash

A VPN (Virtual Private Network) is the first and most obvious way to secure your organization when employees are logging in from home. When people work from home, they use public internet or weakly-secured WiFi connections to access confidential data in your central database. They also share sensitive files, offering a golden opportunity for hackers to intercept data mid-stream.

A VPN uses strong encryption to create a "tunnel" for any interactions between your employees, and between your employees and your secure corporate network.

Atlas VPN, one of the biggest VPN providers, reports that VPN use has surged in areas with high numbers of coronavirus cases, such as Italy and Spain.

2. Be proactive about testing.

Ignorance can be your biggest danger. If you're used to dealing with a secure internal network, you won't always know where your vulnerabilities and weaknesses lie when it comes to remote access.

This kind of blindness can lead quickly to data breaches that you might not even be aware of until months after the event.

To resolve this issue, use tools like Cymulate's breach and attack simulation platform, which runs simulated attacks across remote connections to assess your cybersecurity risk levels. This can help you determine the extent to which your settings, defenses, policies, and processes are effective, and where you need to make changes in order to maintain a secure organization.

3. Train (and retrain) to minimize human error.

three people looking at computer monitors

Photo by Mimi Thian on Unsplash

Employees are vital to your success, but they can also cause your downfall. According to security experts at Kaspersky, 52 percent of businesses acknowledge that human error is their biggest security weakness. What's more, some 46 percent of cybersecurity incidents in 2019 were at least partially caused by careless employees.

Employees can cause data breaches in multiple ways, like failing to use a secure connection to download confidential data, forgetting to lock their screens when working in a public place, or falling for phishing emails that install malware on their devices. In addition, your employees might be the first to know about a security breach but choose to hide it out of fear of repercussions, making a bad situation worse.

It's vital to invest time and energy in employee training to ensure that everybody knows how to reduce the risk of successful hacking attacks and is not afraid to report security incidents as soon as they occur. Frequent reminders, online refresher courses, and pop-up prompts help employees take security seriously.

4. Be strict about access control.

Access controls are a vital layer of security around your network. Losing track of who can access which platforms, data and tools means losing control of your security, and that can be disastrous.

Even in "normal" times, 70 percent of enterprises overlook issues surrounding privileged user accounts, which form unseen entrances to your organization. As the WFH situation drags on, it's even more likely that access controls will lag, opening up holes in your perimeter.

In response, use role-based access control (RBAC) to allow access to specific users based on their responsibilities and authority levels in the organization. By monitoring and strategically restricting access controls, you can further reduce the risk that human error might undermine your careful cybersecurity arrangements.

5. Use endpoint encryption on devices and apps.

Because most companies were not yet set up for remote work when the COVID-19 crisis hit, the lion's share of devices used to connect from new home offices are not owned or configured by employers.

And with employees more likely to use their own computers when working from home, endpoint attacks become even more serious. SentinelOne, an endpoint security platform, reported a 433 percent rise in endpoint attacks from late February to mid-March.

Although it can seem difficult to secure endpoints when employees are working remotely, it is possible. SentryBay's endpoint application encryption solution takes a different approach, securing apps in their own "wrappers," as opposed to working on a device security level.

6. Apply multi-factor authentication and strong passwords.

Finally, weak passwords are a known gift for hackers. The problem only grows when employees work from home, as the contextual shift makes it easier for them to ignore reminders from your security team. They are also more likely to share or save credentials for faster remote access when it takes time to get a response from a newly remote security team.

If you don't already use a password manager to force employees to generate strong passwords and avoid sharing or saving credentials, now is the time to begin. CyberArk Enterprise Password Vault requires users to update passwords regularly, enforces multi-factor authentication (MFA) to reduce the chances of hackers entering your network through stolen passwords, and provides auditing and control features so you can track when someone uses or misuses an account.

Consumer password managers like LastPass and 1Password likewise offer business tiers with similar features.

WFH doesn’t have to undermine network security

With enterprises unprepared for mass remote working, industries worldwide could face a security nightmare. However, applying best security practices and using advanced tools to test for vulnerabilities, supervise access controls and password management, secure connections, and apply endpoint encryption can go a long way.

Make sure your employees know your security policies will help harden your attack surface, improve your cybersecurity posture, and prevent COVID-19 from causing a cybersecurity plague.

U.S. Navy controls inventions that claim to change "fabric of reality"

Inventions with revolutionary potential made by a mysterious aerospace engineer for the U.S. Navy come to light.

U.S. Navy ships

Credit: Getty Images
Surprising Science
  • U.S. Navy holds patents for enigmatic inventions by aerospace engineer Dr. Salvatore Pais.
  • Pais came up with technology that can "engineer" reality, devising an ultrafast craft, a fusion reactor, and more.
  • While mostly theoretical at this point, the inventions could transform energy, space, and military sectors.
Keep reading Show less

Why so gassy? Mysterious methane detected on Saturn’s moon

Scientists do not know what is causing the overabundance of the gas.

An impression of NASA's Cassini spacecraft flying through a water plume on the surface of Saturn's moon Enceladus.

Credit: NASA
Surprising Science
  • A new study looked to understand the source of methane on Saturn's moon Enceladus.
  • The scientists used computer models with data from the Cassini spacecraft.
  • The explanation could lie in alien organisms or non-biological processes.
Keep reading Show less

CRISPR therapy cures first genetic disorder inside the body

It marks a breakthrough in using gene editing to treat diseases.

Credit: National Cancer Institute via Unsplash
Technology & Innovation

This article was originally published by our sister site, Freethink.

For the first time, researchers appear to have effectively treated a genetic disorder by directly injecting a CRISPR therapy into patients' bloodstreams — overcoming one of the biggest hurdles to curing diseases with the gene editing technology.

The therapy appears to be astonishingly effective, editing nearly every cell in the liver to stop a disease-causing mutation.

The challenge: CRISPR gives us the ability to correct genetic mutations, and given that such mutations are responsible for more than 6,000 human diseases, the tech has the potential to dramatically improve human health.

One way to use CRISPR to treat diseases is to remove affected cells from a patient, edit out the mutation in the lab, and place the cells back in the body to replicate — that's how one team functionally cured people with the blood disorder sickle cell anemia, editing and then infusing bone marrow cells.

Bone marrow is a special case, though, and many mutations cause disease in organs that are harder to fix.

Another option is to insert the CRISPR system itself into the body so that it can make edits directly in the affected organs (that's only been attempted once, in an ongoing study in which people had a CRISPR therapy injected into their eyes to treat a rare vision disorder).

Injecting a CRISPR therapy right into the bloodstream has been a problem, though, because the therapy has to find the right cells to edit. An inherited mutation will be in the DNA of every cell of your body, but if it only causes disease in the liver, you don't want your therapy being used up in the pancreas or kidneys.

A new CRISPR therapy: Now, researchers from Intellia Therapeutics and Regeneron Pharmaceuticals have demonstrated for the first time that a CRISPR therapy delivered into the bloodstream can travel to desired tissues to make edits.

We can overcome one of the biggest challenges with applying CRISPR clinically.

—JENNIFER DOUDNA

"This is a major milestone for patients," Jennifer Doudna, co-developer of CRISPR, who wasn't involved in the trial, told NPR.

"While these are early data, they show us that we can overcome one of the biggest challenges with applying CRISPR clinically so far, which is being able to deliver it systemically and get it to the right place," she continued.

What they did: During a phase 1 clinical trial, Intellia researchers injected a CRISPR therapy dubbed NTLA-2001 into the bloodstreams of six people with a rare, potentially fatal genetic disorder called transthyretin amyloidosis.

The livers of people with transthyretin amyloidosis produce a destructive protein, and the CRISPR therapy was designed to target the gene that makes the protein and halt its production. After just one injection of NTLA-2001, the three patients given a higher dose saw their levels of the protein drop by 80% to 96%.

A better option: The CRISPR therapy produced only mild adverse effects and did lower the protein levels, but we don't know yet if the effect will be permanent. It'll also be a few months before we know if the therapy can alleviate the symptoms of transthyretin amyloidosis.

This is a wonderful day for the future of gene-editing as a medicine.

—FYODOR URNOV

If everything goes as hoped, though, NTLA-2001 could one day offer a better treatment option for transthyretin amyloidosis than a currently approved medication, patisiran, which only reduces toxic protein levels by 81% and must be injected regularly.

Looking ahead: Even more exciting than NTLA-2001's potential impact on transthyretin amyloidosis, though, is the knowledge that we may be able to use CRISPR injections to treat other genetic disorders that are difficult to target directly, such as heart or brain diseases.

"This is a wonderful day for the future of gene-editing as a medicine," Fyodor Urnov, a UC Berkeley professor of genetics, who wasn't involved in the trial, told NPR. "We as a species are watching this remarkable new show called: our gene-edited future."

Quantcast