March 16, 2020
COVID-19 outbreaks and the risk of exposure forced many workers to stay at home and embrace remote work to decrease the risk of spreading the infection.
While remote work can help users stay isolated from public places and avoid face-to-face contact, companies are facing other kinds of challenges, like the inability to monitor user activity, a potential reduction of productivity, not mentioning the monetary losses caused by the pandemic.
Remote work is essentially a necessary security trade-off that has to be managed correctly.
Most employees used to working within a secure company perimeter are exposing themselves to other infection risks, unrelated to coronavirus.
Without having a suite of updated security tools installed on the working machines within a secure network guarded by the IT team, employees are more likely to make a security mistake that can’t be corrected.
Lack of encrypted connection, no endpoint protection, public Wi-Fi risks that enable various man-in-the-middle attacks, use of personal devices - all those factors can jeopardize the cybersecurity of the company. A watering hole attack, where online criminals deliberately target a website used by most employees, also opens the possibilities of mass infection.
Particularly big risks during remote work concern email communication, where employees prefer to use their private accounts to communicate with peers and share files and documents belonging to the company via unsecure channels. Even VPN services can’t resolve the security issue single-handedly.
It is easy to gain access to corporate data from a spoofed email account, made to look like it belongs to one of the workers.
It is also possible to attack workers by sending them a simple email with malicious attachments.
Let’s say the attackers are masquerading as the company’s cybersecurity representatives and ask remote workers to get familiar with the updated guidance on safe remote working processes.
All the files are conveniently added to a well-written letter, and come from an email account that resembles a genuine address. Why wouldn’t some employees click on it?
Uneducated personnel isolated from double-checking the integrity of such emails are vulnerable, even more than usual because of the distance between the two parties. Downloading a file or a document wouldn’t seem like such a bad idea. Additionally, that file doesn’t have to shut down the worker’s system, instead it could gain covert access, that could be explored later on. In such scenarios, employees are also exposed greatly.
Another risk associated with remote work? Phishing emails.
Because of the public disturbance in the wake of these uneasy times, fear-uncertainty-and-doubt-induced emails could pose a bigger threat than usual. People are rather concerned about other pressing matters like the stock of their supplies and the well-being of their relatives, and so the human factor’s effect on everyday activities is doubled. Right now, the public is in the prime condition to “swallow the bait” and make a reckless decision.
We could imagine a situation where a bogus email coming from a spoofed corporate domain could encourage users to “log in” to their usual accounts via a “secure tunnel”, asking for their credentials in return.
While this should be a targeted attack concerning naive, unsuspecting, or poorly educated employees, it can still happen and reap benefits for cybercriminals, who are far more accustomed to working remotely.
Communication issues come in strides during remote work, even though a lot of collaboration platforms are making it easier for people to connect and discuss their work plans.
Even though companies make it easier than ever to handle a conference call to plan their next steps, email will still be a big part of that communication, and email is vulnerable in its nature.
To help make email communication secure and keep all corporate data immune to outside threats, StealthMail wants to offer companies a 90% discount to acquire its services. StealthMail can guarantee email communication security for remote workers for the following reasons:
To find out more about the solution, please refer to StealthMail datasheet.
We would also like to remind everyone that the health of employees should be one of the top concerns for business leaders. Please stay considerate at this time and show your personnel the support it deserves.
Without it, all security solutions are meaningless, as employees would simply feel like they are not respected, thus being less interested in the well-being of the company.
Stay safe and follow the recommendations issued by reputable medical entities.