The pandemic turned the workforce on its head. Forced to transition to a remote-first environment quickly many were caught off guard. Now, many find themselves ensnared in a battle to deal with the security risks of remote workers. To make matters worse, there appears to be no going back. A recent Upwork survey indicates that 36.2 million Americans will be working remotely by 2025. This year, companies are taking a hard look at their security posture in preparation for the cybersecurity risks in a remote-first workplace. Let’s discuss a few of the issues companies will face and a few suggestions on how to deal with them.
Increased Cybersecurity Threats for Productivity Endpoints
The spike in remote work increases the landscape of an already threat-filled cybersecurity environment. And it’s not just employee devices such as MacBooks and Windows laptops that pose a problem. Companies are now dealing with endpoints due to increased reliance on cloud resources such as Virtual Machine (VMs) and containers. Given this, a new approach to deal with these endpoints is needed. So what needs to be done?
Protection Above the OS
On-device encryption is a critical first step in securing these devices. Additionally, it is important to have monitoring and threat detection in place with robust plans to remediate issues. While necessary, these tools should not slow down the device. Doing so could frustrate workers and lead them to try and circumvent these measures.
This is evidenced in a recent study by HP that indicates that “full 30% of remote workers under the age of 24 say that they circumvent or ignore certain corporate security policies when they get in the way of getting work done. While the young cohort is most likely to buck the system, 67% of IT leaders say they get “weekly” complaints about restrictive policies and 48% of all workers feel that these measures are a waste of time.
Protection Below the OS
Increased firmware and hardware attacks put the BIOS and chip authentication mechanisms at risk for hacking. If compromised, a hacker has access to all data and credentials stored on the machine. All of which allows them to infiltrate the network and launch a broader attack on the organization’s IT infrastructure.
Artificial Intelligence and Machine Learning
The sophistication of cybersecurity threats increases daily. Traditional threat detection systems are struggling to keep up. Companies can no longer afford to wait days for a software update or patch. They need real-time protection to give them the best chance of protecting their infrastructure. AI and ML-based security tools can do just that. They can observe behavioral patterns to spot unusual activity.
Bring Your Own Devices (BYOD) have always made the IT department shudder. For many companies, the potential to save money downplayed the security risks associated with it. With BYODs the company does not have to purchase new devices for employees. Plus, allowing them to use their devices cuts down on the learning curve because they are accustomed to using these devices. This flexibility, however, poses a major threat to data security.
IT has little to no control over these devices. As an example, many companies perform patches and upgrades after hours. Without direct access to these devices, these types of upgrades could be delayed further their exposure to cybersecurity threats.
The problem is that many employees don’t know best practices such as using a VPN or not saving company data on their devices. Equipping employees with knowledge will go a long way towards reducing the many cybersecurity threats. A good training program should cover the following items.
Physical Security: Educate employees on what they must do to secure devices. Not only that, outline what they must do to protect their physical workspace.
Password Best Practices: Teach employees how to set strong passwords. Help them to understand why password security is important. Also, teach them best practices such as not writing passwords down or sharing them.
Safeguard Work Data: Instruct them on how to use secure connections to a VPN. Also, make sure they use encryption software and up-to-date antivirus and anti-malware protection on their devices.
The average organization is targeted by over 700 social engineering attacks in a year. In the office, employers can install technological controls to reduce the risks of these types of attacks. Working from home makes employees less vigilant about security.
Employees don’t realize that even the most simple request can pose serious risks. Consider, for example, a criminal targets two or three employees. The criminal sends a fake email that looks like it comes from the person’s manager. The message stresses that the person needs to send a password to ensure everyone gets paid on time. Here, the attacker used fear and exploited human nature to be helpful to gain sensitive information.
Remote work isn’t going away. It is becoming the new norm. Given this, companies must take additional measures to protect their systems in a landscape where they have less control over employee devices and networks.
VTech io has built a full layered security solution designed to protect each segment of the network. Our services include a cybersecurity risk assessment, network monitoring services, enterprise email security and vulnerability and penetration testing services to name a few. Click here to download our free security guide.
Also, watch this video for a great overview: