The massive influx of remote workers has raised new challenges for security professionals – namely, how to maintain the same security posture that was in place when workers were predominantly office based.
While much of the cyber security news agenda around the coronavirus outbreak has focused on the opportunistic, callous nature of cyber criminals, for whom this presents a golden opportunity to spread chaos and make a fast buck, for the average business cyber security is about more than keeping abreast of threat campaigns, bug disclosures and cyber attacks.
Currently, the biggest concern for chief information security officers (CISOs) and other security professionals is maintaining their organisation’s cyber security posture during a period where the vast majority of office-based, IT-reliant workers are going to be working from home.
As Tal Zamir, founder of Hysolate, an Israel-based supplier of software-defined endpoint technology, explains, the transition to a temporary state of compulsory remote working surfaces challenges old and new.
If it’s not too late, lay the groundwork
Assuming it is not already too late to do so, IT and security teams should do their best to get out ahead of the transition to mass remote working by taking a few preparatory steps, says Liviu Arsene, a global cyber security researcher at BitDefender.
“Before deciding to enforce work-from-home policies, IT and security teams need to assess their current resources, project how much strain they need to support to enable remote employees to work in optimal conditions, and assess what risks need to be factored in and address,” says Arsene.
Online threats to remote workers
Before delving into the tips, let’s take a look at a few of the online threats that remote workers should be aware of.
- Unsecured wifi networks: Most workers will be working out their home where they can secure their wifi. But some may have to use unsecured public wifi networks which are prime spots for malicious parties to spy on internet traffic and collect confidential information.
- Using personal devices and networks: Many workers will be forced to use personal devices and home networks for work tasks. These will often lack the tools built in to business networks such as strong antivirus software, customized firewalls, and automatic online backup tools. This increases the risk of malware finding its way onto devices and both personal and work-related information being leaked.
- Scams targeting remote workers: We’ll likely see an increase in malicious campaigns targeting remote workers. What’s more, with many employees lacking remote work opportunities, we’ll no doubt see an increase in the prevalence of work-from-home scams.
Thankfully, armed with the right knowledge and tools, you can stave off many of these threats and continue getting your work done.
Beware remote desktop tools
Many employers will be allowing employees to access their work networks via Remote Desktop Protocols (RDPs). While this can be secure, a 2019 Check Point study found security problems with some of the most popular RDP tools for Linux and Windows.
Endpoint security and the CISO’s dilemma
“The Achilles’ heel for many IT teams will be securing endpoints that remote workers use to
connect to the corporate network, endpoints that now will be fair game for cyber criminals,”
says Zamir at Hysolate.
“Users prefer to use a single device with a single set of peripherals, without switching between devices. They would like to have direct connectivity to their apps and data, without any added network latency, both in the corporate network, in the cloud, and in their personal home network,” says Zamir.
“They expect to always work natively and locally and have fast, responsive applications. They want to be able to print with their home printers and to be able to use their Wi-Fi networks at home or at the coffee shop.” For this reason, CISOs must walk a fine line between overly restricting user behaviour and optimising cyber security hygiene. If the restrictions are too tight, you risk alienating your user base and choking their ability to work productively, but if the restrictions are too loose, you risk exposing your business to unacceptable levels of risk.
Read more about remote working Download Whitepaper Now