Why You Need Remote Work Endpoint Security Now
Remote work endpoint security is a topic that’s been bubbling under the surface for a few years now, and is now the top priority for SMBs.
When we typically spoke about business technology improvements coming into this year, it was all about AI, rapid apps, and data extraction.
But the current lockdown and drastic overhaul of our daily working lives have thrust an already important issue into the forefront of business tech: endpoint security.
The Internet of Things (IoT) has brought many benefits to SMBs in terms of efficiency, productivity, and business opportunities.
There were 15.4 billion IoT connected devices in 2015 and that number is expected to hit 75 billion by 2025.
Now, however, with the working population currently conducting their work remotely, the vulnerabilities of these numerous endpoints are clearer than ever.
Endpoint Vulnerabilities
Businesses have been coming to terms with dealing with endpoint security for a while now, but in truth, there are very few businesses that are effective in securing their networks from cybercriminals.
Endpoints exist practically everywhere in a modern office—smart TVs, mobile devices, printers, vending machines—you name it.
Virtually any and every device can be connected to your network, and this influx of endpoints has meant cybercriminals are having something of a field day.
We’ve seen the damage that’s been done to organizations all over the world by having lax security on their printers, with companies losing substantial sums of money to hackers exploiting this weakness.
According to the Global Print Security Report, 60% of businesses in the UK, US, France, and Germany suffered a print-related data breach in the last year. The data loss related to these breaches costs companies an average of more than $400K
Related Post: Printer Security: Why It Matters to SMBs
Rising Threat of COVID-19-related Cyberattacks
Cyberattacks have been increasingly hitting SMBs in recent years.
While it may be large enterprises that are the ones who make headlines, it is in fact the small and midsize businesses that have the most to lose.
96% of IT decision makers believe their organizations are susceptible to external cyberattacks and 71% say they are not prepared to cope with them
When SMBs are hit by cyberattacks, they get hit hard, and an estimated 93% of companies without a disaster recovery plan who suffer a major data disaster are out of business within one year.
These concerns are further exacerbated by a sharp increase in the number of attacks that have occurred in the wake of the COVID-19 outbreak.
Cybercriminals prey on people’s fears and exploit their weaknesses through sophisticated phishing attacks.
Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic
There has been an uptick in the number of phishing emails that pertain to COVID-19 being sent, and with 52% of cyberattacks directly attributable to human error, it’s clear that many workers lack the correct knowledge to appropriately deal with this new influx of attacks.
Related Post: Coronavirus Scams: Q&A With Impact’s Director of MIT Security Services
Going Remote
With an effective endpoint security service plan, you can cover all your bases as far as protecting devices under the network goes.
But how does it work when your workforce is out of the office?
As you can imagine, this existing challenge of remote work endpoint security has been put under the microscope like never before in light of the current state of affairs relating to stay-at-home orders across the country.
It’s one thing looking after your endpoints on a single work network, it’s a whole other proposition to safeguard your employees’ devices while they’re OOO and operating under home networks.
There are several questions to immediately ask yourself when dealing with a remote workforce:
- Are they using their own (personal) devices?
- Do they have any company-approved security software installed on their devices?
- Are they operating under home networks?
The reason you must know the answer to these questions is to ascertain the risk factors of your remote workers.
Risks of Not Having Remote Work Policies
For some businesses, the transition to a work-from-home environment may have been comparatively easy.
Organizations that already use remote workers will often have a policy outlining how company data should be accessed by staff not operating under the work network (in other words, people working at home).
Related Post: Planning Your Remote Work Security Policy
63% of company departments have at least one person who works remotely for a significant amount of time, but 57% of businesses have no formal work-from-home policies
The remaining businesses which have yet to formalize a policy are in a position where they are at risk of being the victim of a cyberattack—much more so than peers and competitors who do have policies.
What Can You Do for Your Remote Work Endpoint Security?
Review communication software
How are your staff communicating, and are the existing communication channels up to an acceptable standard?
Does the communication app you’re using have end-to-end encryption?
Apps like Google’s Hangouts and Zoom do not feature this, while Microsoft Teams does and Google’s Duo also does (though Duo lacks many necessary features and is a closer relative of Apple’s FaceTime; designed primarily for one-to-one calls).
If employees are regularly communicating about confidential information, it’s absolutely worth considering whether the app they’re using is securely safeguarding it.
Consider a VPN for sensitive information
If remote workers are consistently accessing and handling sensitive information, you might want to consider using a VPN to look after it.
A VPN makes a “tunnel” between the endpoint and the work network, meaning the wider public internet cannot interact or interfere with the user.
This checks a lot of boxes for remote workers, even allowing them to use public WiFI networks—so long as the VPN is running.
Install antivirus on devices
Do your workers’ endpoint devices have basic protections like antivirus?
If not, make sure that every employee has some form of antivirus installed as long as they’re using it for work.
Even Windows Defender has security measures that will help protect against most threats, though it’s worth thinking about next-gen antivirus to ensure a higher standard of cybersecurity for your remote workers.
Educate your employees
It only takes one breach to cause irreparable damage to an SMB, and human error unfortunately represents a significant threat to your business.
Strongly consider educating your remote workers on how to ensure their endpoints aren’t compromised.
This is best done through security awareness training, but every little helps. If your IT team learns about a specific type of attack, be quick to make people aware and help them understand what to look out for and avoid.
Utilize multifactor authentication (MFA)
Microsoft cloud services see 300 million fraudulent sign-in attempts every day. MFA blocks 99.9% of account hacks
Many people have passwords that are insecure, particularly to cybercriminals adopting “brute force” methods.
Brute force attacks involve using software to use combinations of credentials over and over again to gain entry into a system.
MFA eliminates this by necessitating two forms of authentication, significantly lessening the probability of a breach and drastically improving your remote work endpoint security.
In light of recent events, many organizations have found themselves playing catchup, trying to implement makeshift cloud solutions to make up lost ground while their workforces transition to remote work for the immediate future.
To find out more about how the cloud can ensure your business is in good shape for the future, download our eBook, “Which Cloud Option Is Right For Your Business?”