Organizations didn’t have much time to prepare when the pandemic forced a sudden shift to a work-from-home (WFH) model. Many employees and even IT managers had no choice but to figure it out on the fly. Given the circumstances, businesses were remarkably successful at navigating such a significant change to continue functioning.
In the race to enable remote work, however, many organizations neglected cybersecurity. Left to their own devices, literally, most employees don’t have the tools or knowledge to keep company assets secure. This fact is not lost on the bad guys as cybercriminals have ramped up their attacks to take advantage of WFH environments.
One research study reported a 17 percent year-over-year increase in viruses in January 2020, a 52 percent increase in February, and a 131 percent increase in March. About 600 new phishing attacks per day were documented. Many of these attacks included ransomware, remote access trojans, and other malware designed to exploit endpoints and Remote Desktop Protocol (RDP).
WFH Security Lessons Learned in 2020
Remote working has continued into 2021. With many organizations planning to expand WFH capabilities and even downsize their physical workspaces, it’s time to take a step back and examine the impact of WFH models on cybersecurity.
-
1) Collaboration tools are a weak spot. As meetings switched to Zoom and Teams, cybercriminals started creating fake ads promoting software updates to these platforms, which were used to install malware. Organizations need to make sure employees are using secure, business-grade platforms, not home versions.
2) Employee-owned devices are risky. This isn’t just about mobile devices. Home laptops, printers and routers are targets for hackers and often fail to meet compliance requirements. According to a study from BitSight, 45 percent of organizations had home devices with at least one malware infection accessing the company network.
3) VPN connectivity is ideal. When multiple family devices share the same Wi-Fi network, a VPN can protect sensitive data by creating an encrypted communication channel between your device and the company network. RDP is far more vulnerable.
4) Cloud misconfigurations can expose data. Cloud infrastructure is secured and monitored by the cloud provider, but your data is only secure if your cloud environment and user permissions are configured correctly. Hackers have tools to search for and exploit cloud misconfigurations.
5) Insider threats are very real. Insider threats aren’t just employees with an axe to grind. They often involve employees who don’t follow security best practices and are unintentionally negligent with company assets. This is more likely when working remotely with more distractions and less supervision.
6) A remote and mobile security policy is a must. With remote working came increased reliance upon mobile devices. Organizations need to ensure they have security policies in place so that remote and mobile users understand the risks and their responsibilities.
7) Security awareness training reduces risk. Phishing attacks succeed by fooling humans, not technology. All employees, but especially remote workers, should receive ongoing training so they can understand and spot threats and report security incidents.
Now that you better understand security issues related to WFH models, it’s time to take action. Verteks can help you implement the necessary security measures and employee training to protect your data, applications and communications. Contact us today to schedule a confidential consultation.
