Millions of workers have been operating out of their homes since the spring, and many will continue to do so at least part time even after the COVID-19 pandemic is over and officials deem it safe to return to the office.
However, that rapid dispersion of the workforce largely didn’t account for cybersecurity, and IT teams had to scramble to roll out solutions that kept employees and the company secure as threat actors ramp up their attacks.
“Obviously the massive and fast shift for companies to a work-from-home posture caused quite a substantial set of new problems,” Eric Schwake, a product marketing manager for emerging endpoints at enterprise security company Proofpoint, said via email to My TechDecisions.
The company recently underwrote a report from the CyberRisk Alliance, and the findings and interpretation could give IT leaders the knowledge they need to support their organizations’ remote workers going forward.
The cybersecurity problem with remote work
According to the report, 92% of respondents said at least 21% of their workforce is currently remote, and 23% said at least 80% worked from home. Further, 54% said they expect to have a permanent remote workforce six months from now.
“The survey made it clear that work from home is something many organizations are going to stick with for the foreseeable future – and they are examining numerous fundamental ways to change things to increase their security posture,” Schwake says.
Respondents to the survey in both the U.S. and Europe said monitoring or enforcing risky end-user behavior was their top challenge, with securing cloud application data and preventing malware infection listed as the second biggest challenge, respectively.
The survey also queried IT leaders on their top risk factors, and respondents in the U.S. and Europe both listed malware and insecure home IT devices as the first two.
Meanwhile, U.S. professionals say phishing attacks are their third largest threat, while Europeans say insecure personal clouds round out the top three.
Risky end-user behavior could be as simple as checking email or browsing the internet – especially with employees working in isolation. Remote workers can be prime targets for social engineering attacks, Schwake says.
“Because employees feel more ‘alone’ when working from home they can become prime target for social engineering type attacks,” he says.
Combined with the inherently unsecure nature of home networks and potentially unpatched routers, there should be a greater emphasis on securing the remote workforce, Schwake says.
What IT leaders are doing to secure their remote workforce and plan for the future
Corporate-owned devices can still be secured with tools like endpoint security and VPN tools, but personal devices being used for work are difficult for IT departments to secure.
“If the employees are using their own devices we have seen organizations try and enforce various security controls such as enhanced email security and also agentless secure access solutions,” Schwake says.
“Beyond that, employee education has become more important to teach them about the risks of working from home so that they can become part of the solution when potentially encountering security threats.”
According to Schwake, IT leaders want solutions that can protect their end users regardless of the device their using, tools to monitor end users to ensure corporate data can’t be compromised, and methods to scale their architecture to ensure users have access to corporate data regardless of their network or device.
This includes things like:
• Increasing their email security
• Implementing remote browser isolation
• Implementing a virtual private network (VPN)
• Going to a fully Zero Trust framework
• Increase compliance measures
• End user education
As remote work continues to permeate the corporate world, organizations are rethinking their infrastructure to ensure that they can maintain business continuity, as half of respondents said they will adopt more robust business continuity and digital transportation programs, and nearly half said they plan to implement a Zero Trust framework going forward.
IT leaders should learn from the events of this year and ensure their organizations are prepared as much as possible for a similar situation in the future.
“Ensuring employees have secure and scalable access is a requirement to ensure a high level of employee productivity in even the most extreme circumstances,” Schwake says.
“Having a plan in place and implemented will help prevent many of the headaches that this pandemic has caused for organizations around the world.”