While working from home was the norm during the first year of the pandemic, many companies are now adopting permanentthat experts say make companies more vulnerable to versus when their staffs are on-site.
For employers, securing their data and servers could be one of the most challenging components of juggling both in-person and remote workers, according to Laura Hoffner, a cybersecurity expert and chief of staff at risk management firm Concentric.
Mitigating security risks has proved to be a “very large headache” for companies managing workers logging in to company devices from various locales, according to Hoffner. “What you’re really seeing is that the vulnerabilities are increasing as we expand out that network and more people are working from home,” she told CBSN.
In early spring of 2020, working from home became necessary to mitigate the spread of COVID-19, which appeared quite suddenly in the U.S., requiring in-office workers to abandon their desks without much preparation.
“The default was ‘How can we make it as easy as possible for the employee?’ which is an understandable and appreciated default by most,” Hoffner said. “Unfortunately, those security measures that are so crucial that are taken into account from the very beginning — are now needing to be applied retroactively.”
Tried-and-true security practices
There are, however, tried-and-true security practices that can help keep businesses safe.
- Multifactor authentications systems, for one, are a good place to start. “Layers. You have to absolutely go through layers of cybersecurity,” Hoffner said.
- Companies should also continuously evaluate and update cybersecurity measures. “It’s going to be an ongoing effort. Security and cybersecurity specifically are not a one-and-done. You need to constantly reanalyze what the new vulnerabilities are, how the new attacks are occurring, and then educate as much as possible,” Hoffner said.
- Ensure WifFi routers are patched or up to date; never rely on default passwords,;and install antivirus or intrusion detection software to minimize risk and use a virtual private network (VPN).
- It’s key for all members of an organization to be vigilant about protecting their devices, Hoffner said, as just one weak link “really can break the chain for the entire company.” Unsuspecting individuals can open companies up to attack, for instance, if they open up a phishing email by mistake or misplace a device.
“We miss those days where the biggest issue was the physical vulnerability link — you leaving your laptop somewhere. But now unfortunately it really has gone into the full spectrum,” Hoffner said. “You don’t have to leave your laptop anywhere for it to be vulnerable.”