Security Issues when Toggling between WFH and Personal Communications
Keeping business systems safe inside the corporate network is already a headache for security professionals. The new era of Work from Home (WFH) compounds the issue, expanding the threat perimeter and stretching IT resources to the limit. As more organizations allow for Bring Your Own Device (BYOD) as part of their IT policies, keeping every connected node secure depends on expert planning and real-time monitoring. Organizations must also consider cybersecurity interventions driven from the C-suite that go beyond the corporate network.
Personal communication tools and devices are notoriously vulnerable to security exploits. With the acceleration of WFH due to the global COVID-19 pandemic, many employees (56%) had to rely on their personal computers to remain productive. Allowing the use of personal devices for remote access can work as a contingency plan, but it’s not a sustainable solution.
Cybersecurity Concerns with Personal Communications during WFH
Growing concerns over cybersecurity were evident after an increase in attacks on businesses, government agencies, and cloud service providers before 2020. Increasingly complex deployment models, combined with easily accessible exploit kits using sophisticated malware, strained the information security community. As soon as teams patched one vulnerability, hackers would already know about another entry point and shift focus, targeting a continuously widening “patching-gap.”
Once you add personal devices and home Wi-Fi networks to the equation, securing the entire perimeter is a daunting task. Most of the concerns regarding WFH cybersecurity stem from user behavior, network configuration errors, and compromised apps. To secure your business systems and enable employees to use their personal devices and networks for remote work, here are five cybersecurity WFH best practices.
- Separate WFH and Personal Communication Devices
Wherever possible, employees shouldn’t use their own communication tools to access business systems. By keeping the devices and networks separate, the organization can mitigate the risk of a compromised device leading to a security breach. As the IT department doesn’t have control over which sites, apps, and emails are accessible on a personal device, it’s advisable to err on the side of caution. Keeping work and personal devices separated is the best defense against an infected device compromising the company’s network.
- Encrypt All Remote Communication Sessions
Using modern encryption for all communication (including data and VoIP) will prevent the interception of critical business information during transmission. Hackers will monitor unencrypted channels, snooping on information that they can weaponize for a cyberattack or exploit for a social engineering attempt. Encryption will hide all sensitive business information from outside eyes even when using a public or home network. The company should either opt for a VPN when accessing business systems or make use of cloud communication platforms that offer encryption as a part of their service offerings.
- Deploy Proactive Email Security
Phishing remains one of the primary attack vectors available to hackers. While compromising a system’s security requires time and effort, a simple erroneous click from a distracted or negligent employee can open the entire network to an exploit. With enhanced email security, you can protect staff from malicious links and real-time threats using industry-leading scanning solutions that detect and block spam, malware, and phishing attempts.
- Remain Focused on Physical Security
Even if employees can now work from anywhere, companies should not neglect the physical security of personal devices. Securing laptops and mobile phones or tablets regardless of where your staff is working from is still a vital cybersecurity consideration. If any personal device that contains sensitive information falls into the wrong hands, it could provide bad actors with convenient access and lead to a compromised network. Using laptop locks and educating employees about the risks can prevent a lost or stolen device resulting in a security breach.
- Use a Secure Universal Communications as a Service (UCaaS) Platform
One solution available to organizations is opting for an integrated, UCaaS solution for all business communications. To protect private and sensitive information from prying eyes, a platform like Unite from Intermedia provides complete peace of mind while also enabling reliable communications between resources working in any environment. Intermedia Unite works on mobile devices, desktop computers, and integrates with desk phones just like a traditional PABX. You can also deploy Two-Factor Authentication (2FA), encryption, and analytics for improved work from anywhere security, administration, and control.
Enabling Personal Communications without Compromising Business Networks
Maintaining safe and secure business communications while enabling staff to work from anywhere will challenge even the most sophisticated enterprises. Using a platform that provides secure access, elevated security scanning, and encrypted communications can mitigate the risks associated with remote work and protect sensitive company information stored on personal devices.
To find out more how Intermedia’s UCaaS solutions can help protect staff while they work from home, reach out to one of our agents today.