Nearly two-thirds of workers who have been working remotely during the pandemic would like to continue to do so. While working from home, the boundaries between work and life can decrease or disappear altogether, as employees are using their corporate devices for personal use more than ever before. As we enter the holiday season, IT teams can expect this work/life blend to translate into increased online shopping on corporate devices, which in turn exposes the network to additional cybersecurity threats.
In fact, recent data from AT&T Alien Labs Open Threat Exchange shows a spike in DDoS-related attacks starting in August 2020, targeting multiple industries including retail. The timing of this campaign may be indicative of cybercriminals turning their focus to the retail sector to coincide with the back-to-school shopping season, during a period where employees were working remotely. If this is the case, then it is feasible that they could seek to replicate successful attack methods for the upcoming holiday season.
Whether or not companies were ready, remote work has pressured them to develop new efficient, flexible, and safer ways for employees to work from virtually anywhere. However, working with different remote tools and environments can be difficult to manage and can potentially lead to a discrepancy in how security policies are applied to onsite versus remote employees. With an expected increase in online shopping and malicious emails spoofed as end-of-year deals, organizations must increase vigilance and ensure that users across environments get the same unified protection against threats.
How Online Shopping Increases Company Risk
With the holidays upon us, it is highly likely that employees will be spending more time online purchasing gifts and searching for the best deals. It’s almost a certainty that at least some will be browsing insecure websites on devices with out-of-date operating systems or browsers. All of this increases the possibility of encountering malware, phishing sites, social engineering, and ransomware. In addition, cybercriminals are launching targeted campaigns that are expanding to include attacks on different types of devices, including Macs and mobile devices, which have historically been considered by many consumers to be well protected.
To add to the complexity, most devices, whether corporate-issued or personally owned, are being used off-network, which often means a loss of visibility and control, and subsequently an increased risk for breach. When corporate assets, network applications, and cloud services are being accessed by under-secured or unmanaged endpoints, the cybersecurity threat surface created by the work-from-home phenomenon broadens. Without new strategies and tools, organizations are likely to fall victim to a higher number of cybersecurity breaches, which could take longer to detect and be costlier and more complex to recover from.
At the same time, Security Operations Centers (SOCs) are overwhelmed, trying to triage substantially more alerts each day with an often-overworked staff and a tight budget. The pressure on SOC analysts and their cybersecurity tools is caused by the rapid expansion in the number and complexity of threats to remote users. These include everything from mobile malware and email-based phishing to ransomware, identity theft, and machine-learning-based hacking algorithms.
3 Security Tips to Protect Employees When Vigilance is Reduced
Even with all of the potential cybersecurity threats that correspond with remote work, there are steps that companies can take to protect their employees regardless of where they are or how they are using their devices.
- Make it as easy and convenient as possible for employees to connect to VPN
If users are connected to the network, policies from network security devices will be enforced. Conversely, if VPNs are overloaded and make it cumbersome to access applications and data, there’s a higher likelihood that users will try to accomplish their work without connecting. In that scenario, administrators lose visibility and control. Sometimes the solution can be as simple as increasing the capacity of the VPN concentrator or adding more or higher-bandwidth network circuits. However, VPNs are not without their drawbacks. For one, they rely on voluntary action on the part of employees. In addition, they typically provide access to an entire network segment, which is often more than necessary for an employee to complete their job duties. This may needlessly make sensitive information available for view or download. For these reasons, some businesses are evaluating alternative cloud-based remote access solutions to provide more granular control and scalability.
- Consider implementing a zero-trust network access (ZTNA) solution
Most professionals in the cybersecurity industry are familiar with the principle of least privilege. This concept states that users should only be given access to what is required to complete their job duties. It should be extended to include permissions given to remote workers and third-party contractors. Zero-trust network access solutions allow administrators to provide access to specific applications by role or by user. This can be applied to applications hosted within the data center or in the cloud. Not only does this solution help reduce the risk of data exfiltration, but it also makes it less likely that a compromised device will spread malware laterally throughout the network. Cloud-based ZTNA lets businesses scale quickly as their requirements change and offers significant performance improvements over many legacy VPNs.
- Apply unified security policies across on-site and remote users
The Internet has become a vital tool in how workers access information and perform their job duties. Whether it be conducting research, placing orders, or marketing through social media, access to the web is indispensable. And while the Internet is packed full of useful information and utility, it is also the platform for transmitting countless types of malware including viruses, worms, keyloggers, and ransomware.
This risk is amplified by the number of employees working from home and by BYOD policies. Employees may be accessing sensitive information with their personal devices. Employees or even their family members could be using their company-owned devices for purposes completely unrelated to work, including the holiday shopping we referenced earlier. And when they are doing this without being connected to VPN, they are bypassing the perimeter security controls that would have been enforced at the data center. Their devices could become compromised and then expose the corporate network to the malware on those devices the next time they come on-site or connect through VPN.
Endpoint security is an essential tool in protecting remote employees from malware, but a cloud-based secure web gateway can offer an additional layer of security as employees are browsing the internet. This technology allows administrators to enforce security and acceptable use policies across users, by restricting what sites they can access. Some secure web gateway solutions also offer additional capabilities including data loss prevention (DLP) and cloud-access security broker (CASB) functions or even sandboxing to help protect against zero-day threats.
Against this backdrop of increased cyber-risk while employees work remotely and prepare for the holidays, organizations that are agile and come up with new policies, processes, and technical solutions will be better positioned to succeed at providing the connectivity and cybersecurity needed for a distributed workforce.