Security threats and cyberattacks don’t always originate from outside the walls of a company business. They also can start with a few keystrokes from an employee, often unknowingly, while working on a company-owned or personal computer. Many cyberattacks begin with phishing emails that compel someone to click on a link that may connect an outside threat to the heart of a company’s computer network. The COVID-19 shutdown sent many employees home to work remotely, often using their computer equipment. Since then, mitigating security threats with remote or hybrid workforces has been a significant challenge.
Data leakage is higher with devices used for work and personal accounts, especially when unsecured or public Wi-Fi networks are used to access an internet connection. Personal devices are also more prone to malware infections that can spread to a corporate network after a user connects to the corporate system. One study revealed that human error is the leading cause of 95 percent of cybersecurity breaches. Additionally, 20 percent of remote workers and 63 percent of businesses have suffered a data breach since the pandemic.
The Risk of Interconnected Workspaces
The days of relying solely on standalone, on-premises IT systems and connected desktop computers in an office environment are long gone. While it may seem easier to establish a higher standard of cybersecurity in centralized workplaces, the interdependency of systems, such as when a personal laptop used by a remote worker connects to their company’s mainframe via the internet, presents an additional cybersecurity challenge.
One survey predicted that by the end of 2023, 48 percent of knowledge workers were expected to work remotely fully or in a hybrid arrangement. Another report forecasted that by 2025, as many as 36.2 million Americans will be working remotely. If hackers gain access to vital information on employee laptops or mobile devices, they may also gain entry to the company’s on-premises database or data stored in a cloud service.
Building a Line of Defense
The first step to protect against cyberattacks is to start with an inventory of which devices and data need to be protected, including laptops and mobile devices used to conduct company business. Then, implement cybersecurity best practices, including:
- Use strong alphanumeric and unique passwords. These are the first line of defense and are strengthened when used with multifactor authentication, which involves at least two factors or steps.
- Treat unfamiliar emails carefully. Remind employees to think before clicking on an unfamiliar email and to watch for phishing attacks that tempt the user to click on a link once that message is opened. Some of the most notorious cyberattacks have started with an employee clicking on a suspicious URL from an unknown sender. A successful phishing attack directed at MailChimp employees led to unauthorized access to select user accounts, underscoring the importance of training employees on how to spot phishing attacks.
- Invest in hard token devices. Hard token devices are plugged into laptops and generate single-use passwords for logging into computer systems. They provide a higher level of security than passwords or multifactor authentication. Tokens can also be used with passwords or biometric authentication (like fingerprint scanning) as an additional layer of defense.
- Use encryption to convert files and data into code. Encryption makes it harder for hackers to break into a device and steal information. An encrypted hard drive requires a specific encryption key to access. It’s also ideal to use a virtual provider network (VPN) that encrypts users’ internet traffic and disguises their identities when using a laptop in public for work purposes, such as at a coffee shop, where security can be an issue if users log onto public Wi-Fi networks.
- Back up data to a cloud service and ensure laptop security software is current. Use cloud services, such as Dropbox or Google Drive, to back up the computer’s hard drive regularly. Keep apps and systems updated (including device drivers) with software security patches to help defend against zero-click attacks. Laptops or other remote devices don’t have to be in use for infections to occur. With new viruses a constant threat, keep antivirus software packages up to date and ensure that personal and company laptops mirror each other security-wise.
- Protect against harmful AI and ML technology. Another key factor in cybersecurity is the role of AI and machine learning (ML), which hackers can use as tools. It is vital that cybersecurity software is developed to detect and counteract AI corruption attacks and that it constantly evolves to address new threats.
Stress Cybersecurity in an Organization’s Culture
An entrenched organizational philosophy, dedication to, and commitment to cyberthreat avoidance from top to bottom is essential, especially where breaches can begin with something as simple as a phishing attack. One way to develop that culture is through constant, updated security awareness training, with a particular focus on laptop security. Many companies offer interactive cybersecurity training, with techniques that include surprise simulations, gamified assessments, role-playing, and education tied to daily activities to keep data security top of mind.
Training programs should address specific challenges related to remote work, such as secure home network setup, appropriate use of personal devices, and tips for recognizing phishing attempts. Some insurance policies or governing organizations may require cybersecurity training for specific employee roles, so it’s important to stay on top of critical compliance issues. When combined with security policies, the latest technology, and security software, organizations can establish a strong line of defense against cyber threats.
An Ongoing Battle
It’s not just desktop computers and on-premises server farms that are the targets of cyberattacks. Laptop computers, especially personal computers, may not have the same level of security. Even after several decades of reading about how clicking on a suspicious email led to security attacks, it still happens. The cost related to cybercrimes is estimated to reach 10.25 trillion dollars by 2025. This highlights how regular and consistent employee training and a company ethic that emphasizes digital security are imperative. It’s about staying vigilant, anticipating the next wave of more sophisticated cyberattacks, and developing an action plan to stop them.
