Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

A remote holiday season: Top tips to boost security as cyber hygiene diminishes

By Mary Blackowiak
holiday
December 18, 2020

Nearly two-thirds of workers who have been working remotely during the pandemic would like to continue to do so. While working from home, the boundaries between work and life can decrease or disappear altogether, as employees are using their corporate devices for personal use more than ever before. As we enter the holiday season, IT teams can expect this work/life blend to translate into increased online shopping on corporate devices, which in turn exposes the network to additional cybersecurity threats.

In fact, recent data from AT&T Alien Labs Open Threat Exchange shows a spike in DDoS-related attacks starting in August 2020, targeting multiple industries including retail. The timing of this campaign may be indicative of cybercriminals turning their focus to the retail sector to coincide with the back-to-school shopping season, during a period where employees were working remotely. If this is the case, then it is feasible that they could seek to replicate successful attack methods for the upcoming holiday season.

Whether they were ready or not, remote work has pressured companies to develop new efficient, flexible, and safer ways for employees to work from virtually anywhere. However, working with different remote tools and environments can be difficult to manage and can potentially lead to a discrepancy in how security policies are applied to onsite versus remote employees. With an expected increase in online shopping and malicious emails spoofed as end of year deals, organizations must increase vigilance and provide that users across environments get the same unified protection against threats.

 

How Online Shopping Increases Company Risk

With the holidays upon us, it is highly likely that employees will be spending more time online purchasing gifts and searching for the best deals. It’s almost a certainty that at least some will be browsing on unsecure websites on devices with out-of-date operating systems or browsers. All of this increases the possibility of encountering malware, phishing sites, social engineering, and ransomware. In addition, cybercriminals are launching targeted campaigns that are expanding to include attacks on different types of devices, including Macs and mobile devices, which have historically been considered by many consumers to be well protected.

To add to the complexity, most devices, whether corporate-issued or personally owned, are being used off-network, which often means a loss of visibility and control, and subsequently an increased risk for breach. When corporate assets, network applications, and cloud services are being accessed by under-secured or unmanaged endpoints, the cybersecurity threat surface created by the work-from-home phenomenon broadens. Without new strategies and tools, organizations are likely to fall victim to a higher number of cybersecurity breaches, which could take longer to detect and be costlier and more complex to recover from.

At the same time, Security Operations Centers (SOCs) are overwhelmed, trying to triage substantially more alerts each day with an often-overworked staff and a tight budget. The pressure on SOC analysts and their cybersecurity tools is caused by the rapid expansion in the number and complexity of threats to remote users. These include everything from mobile malware and email-based phishing to ransomware, identity theft, and machine-learning-based hacking algorithms.

 

3 Security Tips to Protect Employees When Vigilance is Reduced

Even with all of the potential cybersecurity threats that correspond with remote work, there are steps that companies can take to protect their employees regardless of where they are or how they are using their devices.

  1. Make it as easy and convenient as possible for employees to connect to VPN

If users are connected to the network, policies from network security devices will be enforced. Conversely, if VPNs are overloaded and make it cumbersome to access applications and data, there’s a higher likelihood that users will try to accomplish their work without connecting. In that scenario, administrators lose visibility and control. Sometimes the solution can be as simple as increasing the capacity of the VPN concentrator or adding more or higher-bandwidth network circuits. However, VPNs are not without their drawbacks. For one, they rely on voluntary action on the part of employees. In addition, they typically provide access to an entire network segment, which is often more than necessary for an employee to complete their job duties. This may needlessly make sensitive information available for view or download. For these reasons, some businesses are evaluating alternative cloud-based remote access solutions to provide more granular control and scalability.

 

  1. Consider implementing a zero-trust network access (ZTNA) solution

Most professionals in the cybersecurity industry are familiar with the principle of least privilege. This concept states that users should only be given access to what is required to complete their job duties. It should be extended to include permissions given to remote workers and third-party contractors. Zero trust network access solutions allow administrators to provide access to specific applications by role or by user. This can be applied to applications hosted within the data center or in the cloud. Not only does this solution help reduce the risk of data exfiltration but also makes it less likely that a compromised device will spread malware laterally throughout the network. With cloud-based ZTNA, businesses can quickly scale as their requirements change and offers significant performance improvements over many legacy VPNs.

 

  1. Apply unified security policies across on-site and remote users

The Internet has become a vital tool in how workers access information and perform their job duties. Whether it be conducting research, placing orders, or marketing through social media, access to the web is indispensable. And while the Internet is packed full of useful information and utility, it is also the platform for transmitting countless types of malware including viruses, worms, keyloggers, and ransomware.

This risk is amplified with the number of employees working from home and BYOD policies. They may be accessing sensitive information with their personal devices. Employees or even their family members could be using their company owned devices for purposes completely unrelated to work, including the holiday shopping we referenced earlier. And when they are doing this without being connected to VPN, they are bypassing the perimeter security controls that would have been enforced at the data center. Their devices could become compromised and then expose the corporate network to the malware on those devices the next time they come on-site or connect through VPN.

Endpoint security is an essential tool in protecting remote employees from malware, but a cloud-based secure web gateway can offer an additional layer of security as employees are browsing the internet. This technology allows administrators to enforce security and acceptable use policies across users, by restricting what sites they can access. Some secure web gateway solutions also offer additional capabilities including data loss prevention (DLP) and cloud-access security broker (CASB) functions or even sandboxing to help protect against zero-day threats.

Against this backdrop of increased cyber-risk while employees work remotely and prepare for the holidays, organizations that are agile and come up with new policies, processes, and technical solutions will be better positioned to succeed at providing the connectivity and cybersecurity needed for a distributed workforce.

 

 

KEYWORDS: cyber security ransomware risk management Security Operations Center (SOC)

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mary Blackowiak is the Lead Product Marketing Manager at AT&T Cybersecurity. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • identity theft, fraud prevention, cybersecurity, data theft

    Taking Stock of Your Data Security to Deliver a Happy Holiday Shopping Season

    See More
  • Holiday Lights

    Ensure service account security is top priority this holiday season

    See More
  • cybersecurity

    Top Tips to Lockdown Remote Network Security Now

    See More

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing