Working from Home: How to Make It Safe?

Share the Post:

The idea of working from home, a methodology now imposed by the pandemic, is something most businesses should get comfortable with. For many years, there has been resistance against the model, ignoring the implications of its implementation.

Now, after its sudden enforcement, something that no one could possibly predict in 2019, thousands of businesses around the world are discovering (and in many cases, experiencing) the risky implications of going WFH.

Having remote workers create a whole new set of challenges in the cybersecurity field. Teams are no longer working at the company facilities, where the infrastructure is robust and well-protected (ideally) but from their apartments and casual venues. This is a major security liability that too many continue to ignore.

New Problems

Working from home taps a rich source of cybersecurity issues that companies must take care of. From working while connected to insecure networks and using personal devices to lacking the proper methods to protect IoT devices and processes, challenges are abundant for modern businesses.

We also have the widespread use of insecure software. Take Zoom, for example, a piece of free software that became a quintessential tool since the quarantine started. The software also came with a plethora of security vulnerabilities that led to breaches for thousands of users, both on free and paid plans.

And on a different flank, we have to say that while the Internet of Things (IoT) has the potential to empower businesses, the technologies behind it are often lacking, by default, the cybersecurity standards we should be looking for.

In processes where IoT has become essential, there are multiple factors to consider. Devices, in most cases, lack the processing power and memory capacities to enable security features. This is the case, for example, of data encryption.

Which is even worse, the IoT device industry showed for many years a serious lack of concern for cybersecurity matters, leaving their products fairly unprotected. This is something that, naturally, has changed for the better but must do the trick as a reminder for organizations to take a closer look at the current security controls present in their devices.

Securing IoT Devices

In the IoT field, what should the companies be doing with their devices to guarantee security, control, and integrity?

The first step is to include IoT in their global security framework, a practice that currently is not the norm but the exception. 

The Internet of Things Security Foundation released, very recently, a new version of their security framework for businesses to take into consideration. The IoT Security Compliance Framework recommends some of the following actions and practices:

  • IoT devices’ processor systems must have an irrevocable hardware Secure Boot process.
  • IoT devices must have controls to prevent the access and use of unauthenticated software.
  • Software updates for the devices must be digitally signed, have a signing certificate, and signing certificate chain verified.
  • IoT devices’ reset passwords must be always unique to each device in a product family.

Besides these general recommendations, organizations must do the work to guarantee authentication mechanisms and processes for the IoT devices. Authentication should exist on multiple layers: device, user, and system. 

At this stage is where companies should oversee the implementation of close-fitting security controls. 

Future-Ready Businesses

Working from home is unsafe and reckless by default. This means that, unfortunately, businesses have to go the extra mile to protect their assets while their professionals are away, operating in less-than-ideal circumstances.

In what may be bad news for many organizations, the current WFH situation could be very far from changing. We could be facing a “definitive” work culture, a work style that has come to stay. And while the switch towards WFH was inevitable, COVID-19 sped it up tenfold.

This means that sooner or later, companies will have to invest to protect their operations accordingly. Undoubtedly, when it comes to cybersecurity, sooner is always better.

Related Posts

Colonial Pipeline Hack: What We Know So Far

On May 7th, Colonial Pipeline experienced a significant cyberattack that resulted in a total shutdown of its operations, leading to widespread fuel shortages. Shortly thereafter, it became evident that the incident involved ransomware, with reports indicating that the company made a payment of nearly US$5 million to the attackers, which contradicted their public statements. The cybercriminal organization, known as DarkSide, issued an atypical apology, asserting that their motive was profit rather than chaos. As Colonial Pipeline initiates the process of resuming operations, developments concerning DarkSide follow a surprising trajectory. Explore the complete narrative behind this critical cyber incident and its broader implications.

Read More

Ransomware attack halts Sierra Wireless Production Activities

Sierra Wireless, a leader in internet-of-things solutions, recently fell victim to a significant ransomware attack that brought its production activities to a standstill. The incident, which began on March 20th, not only disrupted manufacturing but also affected internal operations and the company’s website. As the team works diligently to restore systems, questions loom about the potential impact on customer data and the overall financial repercussions. With cybersecurity protocols in place, the company remains tight-lipped about the specifics of the attack. Discover how this incident reflects the growing threat of ransomware in today’s digital landscape.

Read More