Most security experts, IT workers and leaders understand that the pandemic brought a decline in business and digital safety. A big part of that is the rush to get set up at home and establish remote work security. But why, exactly? It turns out that surprising factors degraded the security of the remote workforce.

Let’s start with the most obvious: remote work security. The pandemic ushered in a sudden and unplanned experiment with remote work at scale. First, employees stopped working in physically secure locations inside firewalls with approved devices and started working from home. It’s something of a cliche to say that remote work expands the attack surface. But the fallout of this is just now becoming clear. The change brought a lot of remote work security challenges.

Remote Work Security Factors: Poorly Vetted Tools

The rush to remote work demanded new tools, but employers didn’t have time to vet that tech for safety. As a result, apps and services are, on average, less secure than they used to be. Nearly three-quarters (74%) of 1,300 security leaders surveyed by Forrester Consulting say recent cyber attacks come from vulnerabilities in tech deployed during the pandemic.

More Shadow IT

Employers literally leave their people to their own devices when working at home. Many employees are being creative about which devices they use for work, threatening remote home security. Remote employees connect over home networks that also serve smart thermostats, connected toys, home entertainment systems, gaming consoles and many random home Internet of Things (IoT) devices. These devices are likely to lack physical security and tend to be rarely or never updated.

Lack of Visibility

Making matters worse, organizations lack visibility into the home networks of remote staff. This, in turn, creates barriers to organizational cybersecurity.

Increased Use of Cloud Services

Another huge problem, whose scale the security company Zscaler recently uncovered, is that large companies often have hundreds of cloud servers exposed to the public internet. By “exposed,” they mean that anyone can connect if they can find the services. Many organizations are unaware. And 80% of both security and business leaders said they face greater risk because of both remote work security issues and moving critical functions to the cloud, according to Forrester.

The Rise in Widely Distributed Connections

Globalized, mobile and nomadic workforces — all features of the remote work trend — make it harder to detect threats. That login coming from eastern Europe could be a ransomware gang probing your defenses. Or, it could be your sales manager. Location is now weaker as a data point for detecting odd behavior.

COVID-19 Concerns

Attackers use COVID-19-related content for social engineering phishing attacks matched to anxiety-engendering news reports, according to Proofpoint’s Human Factor Report. Remember, a big part of remote work security is getting rid of human error.

Explicit Targeting of Remote Work Security

Some 67% percent of cyber attacks on businesses targeted remote employees, according to the Forrester report.

Increase in Online Transactions

With more people buying more stuff online, the number of chances to target both online retailers and their customers rose.

Both remote work security needs and hybrid work security needs will be with us for a very long time. So, we need to rethink cybersecurity. Now, we need to embrace more comprehensive ideas like zero trust and using tools to gain visibility into everything connected to our networks. We also need more comprehensive cloud security solutions and better employee training with remote working safety tips and management around cybersecurity. Companies need to develop a whole new set of best practices for working from home.

More from Mobile Security

Juice jacking: Is it a real issue or media hype?

4 min read - You get off a flight and realize your phone is almost out of battery, which will make getting an Uber at your destination a bit challenging. Then you see it — a public charging station at the next gate like a pot of gold at the end of the rainbow. As you run rom-com style to the USB port, you may briefly wonder if it’s actually safe from a cybersecurity perspective to plug in your phone. The answer is technically…

Third-party app stores could be a red flag for iOS security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

A view into Web(View) attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today