HP Innovation Journal Issue 15: Summer 2020 | Page 64
SECURITY
Working from home means using personal Wi-Fi, which may
not be as secure as being on a network in the office. Gagan Singh,
VP of Strategy and Innovation for HP’s commercial PCs, says that
companies need to invest in virtual machines that can be segmented
to ensure the whole network isn’t infected if something
does happen to one remote computer. Next-generation antivirus
software also provides protection, especially when an administrator
can manage it remotely and keep it up-to-date, since employees
might be tempted to disable the software if it causes their workflow
to slow down.
There are also basic best practices that employees can follow to
protect business data. These include never downloading or saving
the organization’s information to personal devices. For passwords,
it’s essential to not use work passwords for personal devices (and
vice versa); change them immediately if there is suspicion anything
was compromised; and adjust settings so that the “remember
password” functions are turned off. While it would be ideal for
technology to help automate some of this, many software makers
are scrambling to update their systems for remote workers.
Most enterprise businesses already have a cybersecurity governance
code in place, which includes an information security
policy and other policies that outline security guidelines for remote
work and remote access to a company’s information systems. This
document needs to be checked to see if it’s up to the challenge of
long-term remote work and is adequately detailed to guide employees
to best practices.
“Managers should be very familiar with what the guidelines are,
and be talking with their teams about it regularly,” Howard says.
Be hypervigilant about external threats
According to research from the security software firm Trend
Micro, 91% of cyberattacks begin with a phishing email in which an
intriguing subject line or familiar-seeming sender lures someone
into providing sensitive data or downloading malware. Without
the layers of protection put in by an IT department to catch many
of these attempts, employees are more exposed to these threats
than before. Companies need to reinforce the importance of being
wary, including the ways scammers try to manipulate people,
91%
of cyberattacks
begin with a
phishing email.
and to keep remote workers up-to-date concerning the types of
attacks to be on the lookout for.
“Employers should make their remote employees aware of bad
actors trying to get information that could help compromise the
network, a technique commonly known as social engineering,” says
Laura Spawn, CEO of Virtual Vocation, a company that connects
people wanting to work from home to remote jobs. “These attackers
may send phishing emails to employees to gather confidential information
and often do extensive research about a company before
attempting to penetrate their system.”
Criminals are also using our fear of coronavirus against us:
Cyberthreat researchers at Barracuda Networks saw a 667%
increase in March 2020 in malicious phishing emails that claimed
to be about ways to protect yourself from coronavirus, as a means
of tricking people into opening emails.
“It’s a good idea to ensure sensitive data is encrypted during
transmission, processing, and while it’s sitting on your home network,”
Howard says. "At the very least, you have to remind and train
employees that scammers are perpetually on the prowl and they’re
taking advantage of what’s happening now.” It’s not just phishing
attempts or malicious websites. According to Singh, there was at
least a doubling in ransomware attacks in the first weeks of the pandemic.
These attacks, in which criminals lock up important data and
demand payment for its release, were estimated to cost $8 billion in
2019. Those emails and texts also prey on fear, offering attachments
with titles like “How to Protect Yourself from Coronavirus.”
“It’s very likely you will click on it,” Singh says. “We are doing
100% of work and 100% of life simultaneously, and that just exposes
us to a lot more threats.”
Harden up home hardware
In the rush to social distance, many people went remote without
work computers and had to rely on whatever setup they had at
home. This creates potentially serious security risks, since consumer
products aren’t always up to the level of enterprise hardware
used in the workplace. Over half these workers don’t feel they are
adequately set up for remote work, according to an HP COVID-19
pulse survey.
“The organization has no control over those computers,” says
Michael Hamilton, founder and CISO of the digital security firm
CI Security. “You have to constantly message your employees that
you are a target and have to be extra careful.”
If possible, Hamilton says, employees shouldn’t use the same
computer for remote work that they do for leisure or home computer
time. For businesses that are able to—and those with
employees working on highly sensitive information—Singh suggests
buying a work-only computer for employees, to break up these
two different-use cases and minimize risks.
In this new reality, millions of remote workers are on the front line
on their own. Away from more secure corporate networks and with
applications executing over home connections, endpoints need to
be able to protect themselves.
“I recommend that every business challenge their suppliers and
vendors to ensure all their software and hardware can be implemented
in a secure way,” Howard says. “It’s more critical than ever
PHOTOGRAPH BY
INNOVATION/ SUMMER 2020
62