Most security experts, IT workers and leaders understand that the pandemic brought a decline in business and digital safety. A big part of that is the rush to get set up at home and establish remote work security. But why, exactly? It turns out that surprising factors degraded the security of the remote workforce.

Let’s start with the most obvious: remote work security. The pandemic ushered in a sudden and unplanned experiment with remote work at scale. First, employees stopped working in physically secure locations inside firewalls with approved devices and started working from home. It’s something of a cliche to say that remote work expands the attack surface. But the fallout of this is just now becoming clear. The change brought a lot of remote work security challenges.

Remote Work Security Factors: Poorly Vetted Tools

The rush to remote work demanded new tools, but employers didn’t have time to vet that tech for safety. As a result, apps and services are, on average, less secure than they used to be. Nearly three-quarters (74%) of 1,300 security leaders surveyed by Forrester Consulting say recent cyber attacks come from vulnerabilities in tech deployed during the pandemic.

More Shadow IT

Employers literally leave their people to their own devices when working at home. Many employees are being creative about which devices they use for work, threatening remote home security. Remote employees connect over home networks that also serve smart thermostats, connected toys, home entertainment systems, gaming consoles and many random home Internet of Things (IoT) devices. These devices are likely to lack physical security and tend to be rarely or never updated.

Lack of Visibility

Making matters worse, organizations lack visibility into the home networks of remote staff. This, in turn, creates barriers to organizational cybersecurity.

Increased Use of Cloud Services

Another huge problem, whose scale the security company Zscaler recently uncovered, is that large companies often have hundreds of cloud servers exposed to the public internet. By “exposed,” they mean that anyone can connect if they can find the services. Many organizations are unaware. And 80% of both security and business leaders said they face greater risk because of both remote work security issues and moving critical functions to the cloud, according to Forrester.

The Rise in Widely Distributed Connections

Globalized, mobile and nomadic workforces — all features of the remote work trend — make it harder to detect threats. That login coming from eastern Europe could be a ransomware gang probing your defenses. Or, it could be your sales manager. Location is now weaker as a data point for detecting odd behavior.

COVID-19 Concerns

Attackers use COVID-19-related content for social engineering phishing attacks matched to anxiety-engendering news reports, according to Proofpoint’s Human Factor Report. Remember, a big part of remote work security is getting rid of human error.

Explicit Targeting of Remote Work Security

Some 67% percent of cyber attacks on businesses targeted remote employees, according to the Forrester report.

Increase in Online Transactions

With more people buying more stuff online, the number of chances to target both online retailers and their customers rose.

Both remote work security needs and hybrid work security needs will be with us for a very long time. So, we need to rethink cybersecurity. Now, we need to embrace more comprehensive ideas like zero trust and using tools to gain visibility into everything connected to our networks. We also need more comprehensive cloud security solutions and better employee training with remote working safety tips and management around cybersecurity. Companies need to develop a whole new set of best practices for working from home.

More from Mobile Security

Third-Party App Stores Could Be a Red Flag for iOS Security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

4 min read

A View Into Web(View) Attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

9 min read

How the Mac OS X Trojan Flashback Changed Cybersecurity

4 min read - Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

4 min read

Switching to 5G? Know Your Integrated Security Controls

4 min read - 5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future? The Benefits of 5G 5G's new use cases come from: Customized network slices…

4 min read