Not-for-profits, like most organizations, have transitioned to working remotely during the COVID-19 pandemic. Meetings are being held virtually, with workers connecting to the Internet on home networks using both work and personal devices. This rapid shift to remote work is putting IT systems and data assets at risk, driving not-for-profits to take action to keep systems and employees secure.
Remote work increased 140% between 2005 and 2019.
Last September, we reported that more than 25% of Americans work remotely part of the time. The outbreak of Covid-19 has prompted employers to shift to a remote work environment to limit the spread of the virus, and the number of U.S. workers now engaged in a work-at-home or remote work role has grown tremendously as a result.
While there are many benefits to remote work, including greater productivity, lower operating costs, improved recruitment, and reduced carbon emissions, there are also numerous challenges.
One challenge all companies face when moving to a remote work environment? Cybersecurity.
The Why: Remote Work Increases Cybersecurity Risk
Remote work without the added complexity of a global pandemic can increase cybersecurity risk. With employees dispersed over multiple locations using unknown devices to send and receive sensitive data, the risk to the company and its resources is significant.
As Flavius Plesu, founder and CEO of human risk intelligence firm OutThink told ZDNet, “At times of crisis, hackers see opportunity.”
Cybercriminals are expert social engineers, using fear and uncertainty to bait and attack unknowing victims. An event that impacts the globe, as in the case of Covid-19, provides an incredible opportunity for these criminals.
The Challenge: Cybersecurity In A Remote Work Environment
As we alluded to earlier, there are numerous challenges in a remote work environment. From an IT perspective, the encompassing perimeter security layer is erased, leaving the internal network and everything it houses at increased risk.
The 7 Layers Of Cybersecurity: What Happens If The Perimeter Is Gone?
With the perimeter layer absent, humans – both malicious outsiders and negligent insiders – have direct access to the interior security layers. For some not-for-profits, they may have already taken steps to embrace edge computing; however, for many this security layer is instrumental in protecting mission-critical assets.
The How: Tackle Cybersecurity In A Remote Work Environment
With the need to move employees to a remote work environment, not-for-profits are forced to take on this added cybersecurity risk. So, how can they make this necessary change securely – and fast?
Step 1: Get Strategic About Resources Resources are going to be limited. Whether its VPN access, bandwidth, extra monitors or the IT department’s time and people, a swift shift to a remote work environment is going to strain the team.
Determine what a minimally viable remote work environment requires and procure those resources first.
Step 2: Cover The Basics… Anti-virus software, secure Wi-Fi, employee training – make sure the fundamentals are covered so employees are secure in their environments.
Make sure employees know to lock their computer screens if working in shared spaces (even if that’s at home).
Step 3: … And Write Them Down Ensure every employee has received (and read) your Work-at-Home or Remote Work Security Policy. Don’t have one? Make one. Even hardened cybersecurity experts click on phishing emails and fail to backup data.
Step 4: Secure The Network – Wherever If you do not already have a VPN, get it now. An extended remote work environment means that most employees will need to access network assets at some point. Ensure they do so securely with a VPN.
Step 5: MFA, Email Security, Content Filtering – And More Now’s the time to harden your security controls. As Ira Winkler, President of Secure Mentem says, “It’s a ridiculous business decision to rely on the discretion of a minimally-trained user to thwart a highly-skilled sociopath, financially-motivated criminal or nation-state.”
Don’t put the onus of cybersecurity on your employees. This is the time to assess, test and harden your security posture to reduce overall risk in a remote work environment.
Step 6: Get Help With strained resources and a seemingly constant in-flux state, you might need help. Mindsight feels it is our duty at this time to assist not only our loyal customers, but also anyone in need of assistance in implementing remote work technology, structure, and security policies.
Mindsight, a Chicago-based IT cybersecurity consultancy is recognized for delivering secure IT solutions and addressing infrastructure and communications needs. Earlier this year, Mindsight and ORBA’s Not-For-Profit Group, held an in-person seminar, Is Your Not-For-Profit Organization at Risk of a Cybersecurity Attack?, where Mindsight Senior Security Solutions Architect Mishaal Khan outlined the most common threats to not-for-profits.