Four walls, a sea of cubicles and the rest of the traditional office accoutrements are no longer standard in the working world. The number of innovative co-working spaces continues to rise around the world, and this doesn’t even include coffee shops, libraries and numerous other public places that offer free Wi-Fi. That means that your staff can be very mobile and work from just about anywhere.

It’s important to consider the security implications of what these itinerant workers are doing. IT managers are challenged to keep their networks and data secure while encouraging remote workers to be productive, whether they’re dialing in from the local WeWork or reviewing emails at McDonald’s.

Examine Your VPN

First and foremost, IT managers must consider the company’s virtual private network (VPN) technology and usage policy. Ensure that the VPN can support not only traditional PC endpoints, but also tablets and smartphones. It’s important to protect all business traffic from eavesdroppers, whether that’s the person sitting next to you in a co-working space or an insider listening in over the network to capture corporate secrets or login identities. If you haven’t examined VPNs for several years, it might make sense to review your provider and examine the latest versions from Cisco, WatchGuard, Check Point, SonicWall, Juniper and others.

Speaking of eavesdropping, you might also want to equip your remote staff with plastic screen protectors that limit the field of view. Given how closely packed many of us are on planes and in coffee shops, this is a smart preventative measure.

Connecting Securely From Co-Working Spaces

If you are supporting a mixed bag of different remote endpoint devices, it might make sense to consider using virtual desktops to provide a unified collection of Windows endpoints. This is particularly true if you are supporting many Windows-based applications.

In addition, you should review your corporate password policy to make sure you have support for more complex passwords and use of multifactor authentication. Also consider using single sign-on (SSO) tools to automate and improve access to various network and online resources.

Finally, ensure that your remote workers understand how to connect properly from co-working spaces. Provide appropriate training materials that demonstrate the consequences of using open Wi-Fi networks and falling for phishing schemes.
