As businesses across the Middle East and Africa send their employees home to work, the need to guard against cyberattacks is greater than ever. These simple measures can help keep your workforce secure
We’ve all been impressed before by the skillful tricks of magicians who’ve mastered the art of misdirection – having your attention focused on one thing they easily manage to distract it from another.
Masses of employees across the Middle East and Africa suddenly working from home and the world’s attention largely distracted, provides an opportunity for opportunistic cyber criminals looking to perform a few tricks of their own.
Most employees, many of whom are working remotely for the first time, are experimenting with more efficient ways to stay in touch with their colleagues, either through different chat applications or via platforms that enable online calls.
Getting to grips with new tech and adapting to a different way of work, along with the added distractions and stresses of almost permanent lockdown, could mean employees pay less attention to the threat of cyberattack than they normally would.
With the security perimeter increasingly porous, and companies’ ability to enforce security policies lessened, it’s more important than ever that business leaders and security officers plan to deal with cyber threats, and quickly.
The reality is that many medium and large companies will already have provisions in place for secure home working. However, many small companies sending their employees home to work for the first time are potentially more exposed. The good news is there are several basic and quick to implement ways they can help their remote workforce remain safe and secure during this time of unprecedented change.
Here are four best practice procedures for your business to follow:
Implement multi-factor authentication
The most important thing to bear in mind is that remote workers still have access to all your company data, information and network. They’re now just accessing all that highly sensitive information through a greater number of devices and using a wider range of internet connections.
This creates the perfect climate for hackers to go on phishing expeditions, particularly more targeted phishing campaigns with a view to accessing high profile credentials. Implementing multi-factor authentication (MFA) requires users to provide multiple credentials in order to log on and gain access, making it much harder for unauthorized users to break in. To implement MFA you can use platforms like Windows Hello biometrics and smartphone authentication apps like Microsoft Authenticator.
Identify official chat tools
Now more than ever, employees will be using chat tools to communicate and collaborate with one another. And while you want to encourage this for the sake of business continuity, you also need to make sure these applications are secure. Without the right security measures in place, cyber criminals can take advantage of these apps and deceive users into downloading malicious links.
One way to avoid this is to designate official chat tools with built-in security features so that employees are provided with a safe and convenient alternative. Tools like Microsoft Teams are available for free six-month trials, making it simple for businesses to support secure and collaborative remote working overnight.
Secure access to cloud apps
Though it’s fair to say most employees will likely be accessing your network from their work laptops, it’s likely you’ll still experience an increase in the number of personal devices accessing your company data.
Because not all of these devices are secure, it’s advisable to use a platform like , which helps you secure access to cloud applications which involves an authentication process with sign-ins and security defaults that helps your company enforce its organisational policies around access to information.
Conditional Access allows you to apply the right access controls when needed to keep your organisation secure and stay out of your users’ way when not needed. Remember also to look at any policies you have set already, to make sure they don’t block access for users working from home.
Instill greater awareness among employees
Now more than ever employees themselves need to be aware of possible phishing threats. Make sure they’re aware of the warning signs – for example, urgent mails that make use of emotive language and call for a departure from company policy, and guide them as to where they can report suspicious activity. Now is also a good time to remind them of the need for strong passwords and suggest they change weak ones, especially on personal devices they now plan to use for work.
Employees also need a basic understanding of conditional access policies and what their devices need to connect to the corporate network, like up-to-date anti-malware protection. This way employees understand if their access is blocked and what they need for it to be re-instated.
It’s also a good idea to provide your staff with clear communication around connecting securely to the internet. For example, help employees understand why downloading and using consumer or free VPNs is a bad idea. These connections can extract sensitive information from your network without employees realising. Instead, offer guidance on how to leverage your VPN and how it’s routed through a secure VPN connection.
With so many businesses across the region implementing work from home policies, there’s little doubt cybercriminals will be looking to take advantage of remote workers in any way they can. However, implementing best practice security tools and procedures will help you go a long way to guarding against these threats.