Securing Your Remote Work

Businesses are adapting to a new world, where working remotely is a necessity for safety and continuing to stay productive.

Remote work has major implications for security, both because home networks and systems tend to be less secure, and because the threats targeting remote workers are significantly on the rise. In the last couple of months, since the coronavirus pandemic began to hit, we’ve observed, and other researchers have documented, a 667% increase in attacks. These attacks include phishing, malware, remote hacking efforts and related threats.

Phishing attacks are targeting email, instant and text messaging to exfiltrate data, take over accounts, inject malware and induce fund transfers. Many are COVID-19 themed, or may appear to come from a colleague, client, vendor or other entity where a relationship exists.

Malware threats are largely focused on ransomware right now, which can both hold your information hostage with the goal of extorting funds for its return as well as exfiltration of the same data to unknown malicious parties. Paying the ransom is rarely a good idea and often you won’t get data back.

Social engineering is another problem on the rise. Malicious parties can potentially spoof a caller ID, making it look like they’re calling from your bank, or your office or another trusted party in an attempt to gain access to information that is privileged or otherwise manipulate you in to doing something harmful to your company.

Malicious hackers are also directing automated attacks against Internet-connected devices more and more. These attacks largely target vulnerable systems, where there is a weak password in place, an unpatched problem, or other exposure that allows them to gain access and exfiltrate data or setup a staging area to launch other similar attacks.

As a result, more robust security measures are warranted to increase resilience against malicious attacks. We recommend that all security initiatives begin with improvements to company policy. Many companies either do not have cybersecurity policies or they are out of date.

Having an up-to-date and robust cybersecurity policy that meets or exceeds any industry regulatory requirements, defines how security is handled, how potential incidents are responded to and what expectations there are of employees, vendors, contractors and the like when it comes to handling data.

Patching software and firmware is fundamental, whether it is a server, computer, phone, network-connected device or otherwise it is crucial that these devices are patched regularly as updates are made available to reduce the chance of attack. Most updates are security fixes that announce what’s wrong and give hackers insight in to how to potentially exploit it.

How patching occurs and with what frequency should be determined by the company’s cybersecurity/IT policy.

Routine training is important as 50% of data breaches happen due to human errors that may be prevented by filling knowledge and awareness gaps. Training can be offered remotely for groups, to ensure that such measures can be taken even during this period of safety-driven isolation.

Passwords are important to keep safe and vary across different accounts. We strongly suggest using a password management tool, such as LastPass, OnePass or KeePass, to manage your passwords. Change them every six months or so, but ensure that unique and strong passwords are used with each account. Not just variations of previous passwords.

Remote management of systems being used by remote workers is an important tool. These management technologies can allow monitoring of status (if there’s suspected malware, updates not installed, software/hardware problems and more). Examples include Microsoft Azure AD + InTune, TeamViewer w/ITBrain, SolarWinds and other solutions. They also allow a more rapid response when something may go awry, even if it isn’t security-related.

Endpoint protection is very important, as many home computers are using lower grades of protection that doesn’t meet the needs of a commercial environment. Anti-virus software targeted at home users typically does not have sufficient security mechanisms in place to guard against and mitigate more sophisticated attacks.

When on-premises resources are shared from the company to remote workers it’s important to do so using a VPN, rather than just a port forward on the network. A VPN provides strong authentication, encryption and better end-to-end security as a result. Backups of all important data should be completed regularly, tested (with a restoration of data) and encrypted.

It’s helpful to consider upgrading home routers to commercial grade firewalls for anyone handling sensitive data and working from home for an extended duration. Like anti-virus software, there’s a big difference between the home router and the commercial firewall insofar as protection is concerned.

Web browsers should be secured using a plug-in like uBlock Origin, which can block known malware sites, advertising (which can link to malware) and more. The less apps, the better. Remove anything not actively used or not important on one’s computer and phone.

It is helpful to have an independent third party that has expertise in security assist with evaluation of your company’s posture and where there is room for improvement on a regular basis. This is often referred to as a cybersecurity audit and remediation, or vulnerability management.

Finally, a DNS blacklisting service, like Quad9, can help to mitigate risk by blocking access to known bad hostnames and domains (including websites).

In summary, consider security an investment. Good security pays in dividends of trade secrets and customer data staying safe, increased stability of systems and networks, as well as significantly reduced risk of reputational, financial and legal liabilities. 80% of attacks can be prevented by having and adhering to a robust security strategy, such as what this article has discussed.

If your company needs a hand with its security, please consider reaching out to Envescent at [email protected] or visit our website for more information at

Photo via Flickr user Blogtrepreneur

Recent Stories

Daily Debrief for Nov 30, 2022

Good Wednesday evening, Arlington. Today we published 5 articles that were read a total of 12854 times… so far. 📈 Top stories The following are the most-read articles for today…

Arlington’s fire and police unions are poised to lose a battle to change the pay scale the county uses — one that union representatives say contributes to ongoing staffing shortages….

Shop Local Winter Bazaar

Shop local this holiday season at the Winter Bazaar taking place Saturday, December 17-18.

(Updated at 10:20 p.m.) It does not appear that the Asian-inspired restaurant Wagamama will be opening in Clarendon this year. Back in March, the London-based chain with more than 200…

Grab some friends and sign up for Parks & Rec’s Eugene J. Green Memorial Winter Basketball League! Adults 18+ can register teams of up to 12 people for the ten-game season. Cost is $765 per team. Games are Mondays and/or Wednesdays at Arlington Mill Community Center starting the week of Jan. 4. Sign up here by Dec. 11.

Submit your own Announcement here.

National Chamber Ensemble – Holiday Cheer!

NCE’s Holiday Concert will bring the finest classical masterpieces and holiday favorites together for the whole family. The festivities begin with Leroy Anderson’s classic “Sleigh Ride” and “Chanukkah Festival”, music from the Nutcracker and by J.S. Bach.

Outstanding Young Artist

Washington-Liberty Annual Holiday Bazaar

Join us Saturday December 3 from 10 to 4 p.m. at W-L High School, for this much anticipated Arlington holiday tradition! We will be featuring over 65 vendors for gift shopping, our student clubs and activities fundraising booths, and food


Subscribe to our mailing list