Teleworking - The New Normal

Written by Robert Villanueva

Millions of people around the world are presently working from home (teleworking) due to the outbreak of coronavirus (COVID-19). This is the "new normal". Teleworking introduces a host of operational and cultural challenges for both employers and employees. One such challenge is security.

As we have seen over the last few weeks, hackers and cybercriminals are ramping up attacks against corporations and individuals, taking advantage of the opportunities created by the COVID-19 chaos and displacement (refer to our blog posts published on March 11th and March 20th). For example, just a few days ago, Finastra, a company providing a range of financial technology solutions to banks across the world, shut down critical systems due to a ransomware attack, and a vaccine testing facility was similarly targeted with ransomware. Even the World Health Organization has reportedly seen attempted cyberattacks double in recent weeks.

With employees working from home and accessing sensitive systems and data, attackers often do not have to contend with robust security infrastructures that protect corporate networks, making the ‘targets’ easier to compromise. Unsecured home networks, use of personal computers, exposure from other compromised devices in the home, and the lack of physical security controls all create opportunities for hackers that they could never dream of in a typical corporate environment.

To mitigate the risk, corporate security teams must quickly implement teleworking security protocols and best practices that incorporate business requirements and practical considerations of the current pandemic. There are numerous resources and guides readily available. We at Q6 Cyber would like to highlight a handful of basic teleworking recommendations and best practices provided by NIST:

  • Develop a company-wide policy for teleworking security protocols.
  • Utilize only company-issued computers and devices (do not use personal home computers or devices).
  • Enable a company VPN (virtual private network) for login to corporate networks.
  • Ensure internet connectivity via secure networks (no open Wi-Fi).
  • Educate employees about social engineering attempts such as phishing emails or phone scams related to telework.
  • Encrypt data at rest that contains sensitive company information.

Most importantly, determine the right solution for you. For additional background and detailed recommendations, please refer to NIST’s Special Publication (SP) 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.


About the Author

Robert Villanueva is an Executive Vice President at Q6 Cyber and a retired supervisor at the United States Secret Service, where he founded and led the Cyber Intelligence Section in Washington, D.C.