Securing connected devices for remote work

The ongoing COVID-19 pandemic has taken work out of the office and into the home for most people. This means workers are using their home networks and personal devices to connect to the office more than ever before. This shift in work patterns brings with it new network connectivity and security challenges for IT teams to tackle. Organizations have traditionally not been fully equipped to handle a significant remote workforce, relying on security infrastructure and practices architected for central office locations and networks. In a mostly remote environment, connected devices and home networks pose a serious risk to IT security. As technologies like 5G and cloud continue to become more prevalent, the number of connected devices will only increase as we move into the new year. To combat security challenges in connected devices, organizations need to take a new security approach through monitoring, regular threat modeling, and improved employee education. 

How 5G’s rollout accelerates the use of connected devices 

While 5G initially saw a slowdown in its rollout due to the Coronavirus pandemic, it quickly changed. 5G is now back on track and expected to accelerate its rollout at the end of 2020 and 2021. And now, with the uptick in remote work and learning, 5G connectivity is poised to become a vital part of remote operations—more on that from my colleague, Jason Carolan, here. 5G brings with it more speed, better connectivity, and the potential for people to work all day connected to a 5G network. This presents a new challenge for IT teams, as people are now coming off their networks and doing more work from personal devices like cell phones, which can be challenging to secure as IT teams lack insight into those networks. As we see the rollout and implementation of 5G continue in the coming years, securing the connected devices in these environments will be critical to limit the exposure as these devices are used to access work data for extended periods. 

Cloud security has taken center stage

Well before the COVID-19 pandemic drove work remote, organizations had been migrating workloads to the cloud. Now, as IT teams look for ways to drive efficiency in their operations, cloud is more critical to IT infrastructure than ever before. However, risks arise as people access information from private and public clouds away from the office on their own, unsecured connected devices. Part of the problem is simply that the workforce is less informed about the security risks of and best practices for accessing cloud resources remotely. For most of the technology’s existence, the focus for training has been to support typical workloads on premises versus actively monitoring for and addressing malicious threats to the cloud. But now, as cloud workloads are only increasing, IT teams need to implement more rigorous security practices like penetration testing, monitoring and alerting, and implementing tools such as multi-factor authentication across all critical applications in the organization. VPNs also play an essential role in protecting devices while accessing networks. Estimates show only about 5-10% of employees used a VPN before the start of the pandemic, but that has risen significantly since workers went remote. This has caused a strain on VPN resources for organizations, allowing an opportunity to implement more scalable security models such as zero trust.

Managing the human risks of remote work

It’s no secret that one of the most significant risks for IT teams is often their own coworkers. With employees mostly working from home, the number of connected devices accessing information and work materials has increased significantly. As many organizations did not have enough devices on hand to support a fully remote workforce, many employees are using their personal laptops, tablets and smartphones to work which creates significantly more risk for the organization. When a home network or personal device is compromised, this threat may find its way back to the internal network by compromising a work device on the home network or from a personal device that is remotely connected to the internal network. All of this means hackers and malicious actors have greatly expanded attack surfaces from which to choose. Compounding the problem, employees often lack the technical skills to secure their home networks and devices properly. One of the greatest threats to home networks are the IoT devices, which are generally not very secure and can create a security hole for bad actors to exploit and compromise other devices connected to the same network. With the surge in remote work showing no signs of slowing, IT teams will need to regularly keep their teams informed and provide education to employees around security best practices for working remotely such as segmenting work devices from the rest of the home network. To meet the expanding use of connected devices, IT teams must invest in security tools to scan remote devices and identify threats before they enter the internal network. This approach allows devices to securely connect to the network remotely and give IT teams a better way to manage remote devices.  

Connected devices are here to stay 

As we wrap up 2020 and continue into the new year, the shift toward remote work shows no sign of slowing down. As people trade their work setup for the home office, their reliance on connected devices will only grow. The rollout of 5G and proliferation of cloud environments have only accelerated the use of connected devices and created new vulnerabilities for attackers to exploit. These devices, combined with people working from less secure home networks, means a higher probability of a security breach somewhere within an organization. As businesses adjust to managing a remote workforce, their security practices need to be adjusted accordingly. Giving employees effective education and implementing security practices like zero trust, multi-factor authentication, and network segmentation can make work safer and limit the added exposure from connected devices.