Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

The risky door that telecommuting can open to your network

By Benny Lakunishok
Gaps in Cybersecurity Programs
July 24, 2020

With telecommuting here to stay, now is the perfect time to re-examine just how much network access you are giving your users and machines. You might be shocked to see how open your network really is. Most organizations allow more access than their users or machines will ever need or should ever have – this excessive trust is what allows attackers who get into the network to spread and cause a lot of damage.

 

Telecommuting is good as long as it is secure

American companies are currently discussing the how’s and when’s of returning to physical offices. A recent survey conducted by Zero Networks indicated that 70 percent of employees say they are expecting their company to offer the option to continue to work from home. This is because many companies, who were suddenly forced to make their workforce remote, in response to stay-at-home orders during the global pandemic, found their employees were able to maintain productivity and sustain workplace contributions from their makeshift home offices. As a result, many are considering more flexible, permanent telecommuting options for those workers that can do their jobs from anywhere.

However, the same survey indicated 36 percent of employees feel their company does not have the security tools in place to support long-term remote work. The reality is that telecommuting can expand the attack surface of the organization. It adds new networks, hot spots, phones, laptops and other devices into the mix – most of which are completely out of the organization’s direct control.

Suddenly, it is not just your employee and their laptop and phone that you need to worry about, but also their kids and their kids’ devices or the people at the local coffee shop that could pose a problem. It only takes one device on a home network or hotspot to become infected to potentially put your network at risk.

If an infected device is used to access the network, using some sort of secure connection, such as a virtual private network (VPN), the attacker is now inside and can access everything that employee can access. For most organizations, that’s a lot - we’ve seen that close to 71 percent of the network is usually accessible from any given machine inside the network. That’s way more access than any user will ever need or ever should have. This excessive trust is the primary reason why attacks are so successful.

 

We’re still dealing with the relics of perimeter defenses

If you have been in cybersecurity for even just a few years, you have probably come across the phrase, “the perimeter is dead and gone.” It is true, with the advent of mobile and cloud-native architectures, people can now be anywhere, using any device, to access any information or service, any time. The idea that you can build a wall (perimeter) and protect your critical resources and information is moot because those resources and information can literally be everywhere. The problem is the “soft center” that was your internal network is now everywhere too.

Unfortunately, defenses to protect resources wherever they are, with the ability to restrict access to only those users and devices that absolutely need it, hasn’t kept up. Instead, IT and security teams are struggling to try to make technologies, which were built during the days of the perimeter, such as router access control lists (ACLs), firewalls and network access control (NAC) systems, work for today’s perimeter-less environments. As a result, organization’s find themselves spending a ton of time and resources trying to make a square peg fit into a round hole.

 

What’s needed to support secure network access

What’s needed is a way for organizations to create, manage and maintain controls tailor-made for each and every user and device in the network, so it can only access what it should. To sustain this least privilege or zero trust stance (you choose which security buzzword you prefer), takes the use of advanced automation and smart self-service that ensures users have access to only the resources they need when they need them, without having to get security or IT involved.

Imagine, if every time you wanted to access your Gmail account from a new machine, you had to get in touch with Google’s IT and ask them to create and push a new rule for you? It simply doesn’t scale. Unfortunately, that’s what current network security solutions require today.

What you want is what Gmail actually does. When you go to access your email from a new machine, you simply have to prove it is you, by authenticating with your phone. After a few seconds, when everything checks out, you are on your way. In the background, Gmail automatically updates your policy, so next time, when you access your account from this new device, you don’t have to go through the process again. It’s simple and protects your email from unauthorized use.

We need the same thing for network access. We need to automate the policy creation and update process, so that each and every user in your network is restricted to only those resources they need to do their job, nothing more. If they need to make a new connection, they should be able to, after a simple self-service phone verification process that proves it is them.

This way, if an attacker gets into the network their access is limited and they can’t get more because they can’t prove they are legitimate. This will significantly reduce lateral movement, zero day exploits, ransomware and commodity malware propagation, and privilege escalation attacks. It also ensures that regardless of where a user is coming from, whether it’s their desk at the office or in their home, they are not creating any undue risks for your environment.

KEYWORDS: COVID-19 cyber security information security remote workers risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Benny lakunishok

Benny Lakunishok is co-founder and CEO of Zero Networks. He has been in cybersecurity for more than a decade. He was part of the leadership team of Aorato, which was a disruptive detection platform, acquired by Microsoft. He went on to lead the product team in Microsoft responsible for the Aorato technology, as well as the team that integrated Microsoft’s acquisition of Hexadite into the portfolio. Prior to Aorato, he was a senior premier field engineer for Microsoft and in the security team of an elite intelligence unit within the Israeli Defense Forces. He holds a BS in computer science from the College of Management Academic Studies in Israel.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

    The four insights network metadata can reveal about your compromise level

    See More
  • biometrics-freepik65903.jpg

    How can enterprises support remote working without opening the door to occupational fraud?

    See More
  • data privacy

    Accidental database breaches are on the rise – How can your company avoid becoming the next headline?

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!