Privia Security was chosen as one of Türkiye's fastest growing companies!
Privia Security was chosen as one of Türkiye's fastest growing companies!
The remote working methods that have come our way with the COVID-19 pandemic bring with them a number of risks. The measures taken to mitigate the risks and effects of the pandemic have led to an unprecedented increase in remote working, which concerns everyone. Along with this, we also see that many of the remote working and meeting applications being used have come up against numerous cyber attacks.
Our experts have summarised the main challenges and tips for staying safe while working remotely, and have also compiled for you a series of measures against many cyber attacks.
The purpose of this article is to shed light on some fundamental cybersecurity issues related to the sudden increase in organisations’ remote working arrangements, and to discuss the possible measures for keeping corporate networks as secure as possible during the pandemic.
Today, even though the idea of working from home is not a new idea, during the pandemic it is being seen as the only alternative. On the other hand, in this process, with the development and maturation of cloud infrastructure, we are able to use technologies for which we have a good infrastructure for moving away from the classic office concept of work.
One of the immediate risks that has emerged, and the most important point to which attention must be paid, is that the telecommunications infrastructure may not have the capacity to support the increase in demand. Experts have issued warnings that bottlenecks may emerge, especially in those regions of the country that do not operate on fibre. In our country we have also seen significant steps taken both by Türk Telekom and by the operators in the private sector.
Although in terms of average speed we still lag behind countries such as Germany and France, we can see that the providers have stated that the country has the necessary capacity, and that no critical outages have occurred over the last month.
Another risk is the individual infrastructure of companies and organisations. We can foresee that the remote working systems of companies with thousands of employees will continue without interruption, since not all employees will be active at the same time.
From an infrastructure point of view, we could say that, until a few years ago, we might have experienced much more complex and troublesome processes. However, we have seen that many medium and large-sized firms, even if they had not foreseen such a situation, have increased their existing capacity for remote workers. Of course, the country-wide effect of any existing shortcomings in this capacity may also cause a difficult process to begin. Even though organisations appear to have prevented capacity problems at this point by sending many of their employees on paid/unpaid leave, we would like to emphasise that if the pandemic process is prolonged, infrastructure problems may arise.
Working remotely also brings with it a set of security concerns that can cause problems for cybersecurity teams in any internal network system.
The fact that networks are becoming more complex, that we have much larger structures, and that there are thousands of access points to be controlled because of initiatives such as employees using their own devices, can make for a difficult period for cybersecurity experts.
Of course, the fact that the KVKK (Turkish Data Protection Law) regulation that has come our way in recent years has made data protection an important part of any strategy, together with the fact that the majority of staff are working from home, adds a new item to the already long list of concerns. Cybersecurity experts, who are already experiencing major problems with integrating current laws into their processes, may find it difficult to minimise the risks for employees using their own devices.
Wi-Fi hacking / piracy is a fundamental skill for ethical hackers and penetration testers all over the world. Of course, they use these skills to identify and eliminate security vulnerabilities in organisations. However, we can comfortably say that there is a large majority of people who never change the Wi-Fi password at home. On the other hand, the Wi-Fi passwords we use while working from home are unfortunately used in a weak and easily guessable way. Of course, this situation carries a significant risk for the cybersecurity personnel of organisations. Because even if the personnel connecting from the home network and working remotely use a VPN, the risk of being compromised in some way arises.
If the security of devices has been compromised, or if a malicious download has been made unintentionally, it can pose a threat to the internal network. Similarly, on open Wi-Fi networks, there is always the possibility of various credentials being stolen and accounts being compromised.
Companies generally have various security tools that form part of a robust protective layer, including firewalls, antivirus software, VPNs and penetration tests. Of course, this security depends on the kinds of tools each organisation uses, but the security tools at the disposal of companies are generally far superior to those of individuals. However, when away from the office, the effect of such power may be weakened.
Training is generally not just about providing solid, up-to-date information. Watching training videos alone will also not be sufficient. Training plays a major role in establishing a security culture, and cyber awareness has shown unprecedented growth over the last few years as organisations strive to train their employees. During this process too, for your organisation’s employees, you have to make more frequent use of Social Engineering and Awareness Tests.
Security tools such as OhPhish and PhishMe not only test against regular phishing campaigns but also support educating the end user. On the other hand, special tests and scenarios for users should also be applied to professionals.
Protocols, PCIDSS, ISO and similar processes are an important building block of network security. It is clear that people are prone to making mistakes. We must also not forget that, due to the lack of information security awareness on the part of employees, they can be open to cyber attacks, and that the weakest link in security is the organisation’s employees.
How do organisations reduce the various risks that arise from enabling the workforce they need to work from home? There is a set of practices that can be applied at both the individual and the organisational policy level. These practices ensure that organisations can also effectively use the workforce they need while working remotely.
Companies should definitely create a checklist that includes basic measures, and distribute these clearly within the workforce in order to minimise possible problems. On the other hand, employees must remain alert and conscious of threats outside the usual working environment.
Working remotely does not have to be risky. Working remotely will be productive when done correctly. However, if these rules are not followed, it will be much more difficult to control.
Let us stay calm, follow the rules of our Ministry of Health, maintain social distancing, and by following our organisation’s policies, also stay clear of computer viruses!
You May Be Interested In These
