Most security experts, IT workers and leaders understand that the pandemic brought a decline in business and digital safety. A big part of that is the rush to get set up at home and establish remote work security. But why, exactly? It turns out that surprising factors degraded the security of the remote workforce.
Let’s start with the most obvious: remote work security. The pandemic ushered in a sudden and unplanned experiment with remote work at scale. First, employees stopped working in physically secure locations inside firewalls with approved devices and started working from home. It’s something of a cliche to say that remote work expands the attack surface. But the fallout of this is just now becoming clear. The change brought a lot of remote work security challenges.
Remote Work Security Factors: Poorly Vetted Tools
The rush to remote work demanded new tools, but employers didn’t have time to vet that tech for safety. As a result, apps and services are, on average, less secure than they used to be. Nearly three-quarters (74%) of 1,300 security leaders surveyed by Forrester Consulting say recent cyber attacks come from vulnerabilities in tech deployed during the pandemic.
More Shadow IT
Employers literally leave their people to their own devices when working at home. Many employees are being creative about which devices they use for work, threatening remote home security. Remote employees connect over home networks that also serve smart thermostats, connected toys, home entertainment systems, gaming consoles and many random home Internet of Things (IoT) devices. These devices are likely to lack physical security and tend to be rarely or never updated.
Lack of Visibility
Making matters worse, organizations lack visibility into the home networks of remote staff. This, in turn, creates barriers to organizational cybersecurity.
Increased Use of Cloud Services
Another huge problem, whose scale the security company Zscaler recently uncovered, is that large companies often have hundreds of cloud servers exposed to the public internet. By “exposed,” they mean that anyone can connect if they can find the services. Many organizations are unaware. And 80% of both security and business leaders said they face greater risk because of both remote work security issues and moving critical functions to the cloud, according to Forrester.
The Rise in Widely Distributed Connections
Globalized, mobile and nomadic workforces — all features of the remote work trend — make it harder to detect threats. That login coming from eastern Europe could be a ransomware gang probing your defenses. Or, it could be your sales manager. Location is now weaker as a data point for detecting odd behavior.
Attackers use COVID-19-related content for social engineering phishing attacks matched to anxiety-engendering news reports, according to Proofpoint’s Human Factor Report. Remember, a big part of remote work security is getting rid of human error.
Explicit Targeting of Remote Work Security
Some 67% percent of cyber attacks on businesses targeted remote employees, according to the Forrester report.
Increase in Online Transactions
With more people buying more stuff online, the number of chances to target both online retailers and their customers rose.
Both remote work security needs and hybrid work security needs will be with us for a very long time. So, we need to rethink cybersecurity. Now, we need to embrace more comprehensive ideas like zero trust and using tools to gain visibility into everything connected to our networks. We also need more comprehensive cloud security solutions and better employee training with remote working safety tips and management around cybersecurity. Companies need to develop a whole new set of best practices for working from home.
I write a popular weekly column for Computerworld, contribute news analysis pieces for Fast Company, and also write special features, columns and think piece...