Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

By Sam Rehman
remote work
February 16, 2021

A quick “work from home new normal” search on Google will return results somewhere in the ballpark of 2 billion. On the other hand, searches for “cybersecurity risks work from home” result in far less—around 32 million. While that may seem like a lot of coverage on any scale, it reflects the chasm between what we focus on and what we understand about this new environment as we begin 2021.

By now, most companies recognize there is no turning back the hands of time to the way it was before the pandemic. The digital transformation is not just upon us but part of life moving forward. That’s likely to mean digital or hybrid workforces, digital currency and digital content, all of which can be hacked, causing significant damage to enterprises and employees alike. And while cybersecurity has been a concern for as long as the Internet became a staple of life, the difference now is that instead of organizations considering a strong culture of cybersecurity “nice to have,” it is a necessity—regardless of where workers are located.

This has undoubtedly sparked a great debate on how to achieve a secure environment. Particularly when it comes to distributed workforces, whether an employee is at home or in a café somewhere, standards and governance are often front and center. But without recognizing the importance of training employees and  building the right infrastructure, it is an incomplete strategy that leaves vulnerabilities hidden from sight.

Working remotely is nothing new, but it is very different from the way it was even a year ago when considering scale and types of work. Even the things employees expected and relied on in a physical office are now remote as well—hence more complex. Certainly, most agree that being aware of one’s surroundings has always been important when working outside of the office. For example, most understand that caution should be taken with screen visibility. It’s an unspoken rule to make sure the contents of a screen, or phone calls for that matter, are not being seen and heard by strangers. It’s just good practice. But with work from home becoming the norm, employees are likely letting their guards down, allowing people in the same household, whether family or visitors, to have access to work-related content. That is why a good cybersecurity strategy starts with people—and a zero trust approach.

Training programs are essential to ensure employees are aware of how to treat both digital and physical assets like phones, laptops and desk top computers. Especially with laptops providing employees with more mobility, in the event the laptop is left behind somewhere or stolen, good encryption software can prevent company data from falling into the hands of nefarious characters by denying access to unauthorized users.

Most companies are not used to having a fluid perimeter. In fact, up until now, most assumed that they could trust their ring fencing, with the idea that it was safe for employees to work within a corporate environment. Because many employees are now outside of their corporate network, control has obviously weakened. At the same time, having a trusted device has never been more important, which is why solutions are also much more important.  Particularly for accessing a trusted Virtual Private Network (VPN), which relies on bi-directional identification of both the server and the end point (laptops, phones, etc.), a layered approach providing integrated encryption is recommended in order to build a scalable zero trust environment. This includes:

  • Layer Two Tunneling Protocol (L2TP) - tunnels L2 traffic over an IP network.
  • Internet Protocol Security (IPSec) - provides data authentication, integrity and confidentiality.
  • Web Application Firewalls (WAF) - helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
  • Network Traffic Analysis (NTA) – detects targeted attacks and previously undetected hacks through real-time and saved traffic data.
  • Cloud Access Security Brokerage (CASB) - acts as an intermediary between users and cloud service providers.

Part of assessing and mitigating cyber threats is understanding the blast radius. Micro-segmentation and SASE (Secure Access Secure Edge) is especially important now for controlling blast radius and impact spread, as is having proper security for monitoring the endpoints. That’s why an enterprise-wide policy should always start with the weakest link to assess risk. The cloud is also now central to ensuring a secure infrastructure. With COVID accelerating and in some cases forcing enterprises to shift storage options, focusing on best practices and processes for employee access is critical. This is where hyper-automation comes in.

Hyper-automation deals with the application of advanced technologies, including artificial intelligence (AI) and machine learning (ML), to increasingly automate processes and augment humans. While it extends across a range of tools that can be automated, it also refers to the sophistication of the automation to discover, analyze, design, automate, measure, monitor and reassess. This is critical, as it shifts the focus away from individual technology to holistic business transformation and continual improvement, which in practice are rarely, if ever, successful using just one tool or technology. Specifically, AI and ML are components that are commonly considered today as a long-term investment for their strategic value. However, when applied to the right use case, they can also uncover tactical opportunities by identifying weaknesses throughout the business, including security vulnerabilities.

Automation is invaluable as long as it is coupled with high-level analytics that can discover irregularities in a system or in user behavior. It’s one thing to monitor the network, but a dump on a CRM database at 2 a.m., for example, should be easy to flag and interrupt. With the right governance, monitoring and threat response capabilities in place, expected and unexpected network patterns and anomalies can be identified quickly and remediated or corrected to ensure a fluid network perimeter. It’s worth emphasizing the need for good employee monitoring software. With the pandemic sending millions off site, companies have a real opportunity to recast this solution as something that is intended to help employees work safer rather than spy on them.

How this is communicated will make all the difference in how employees perceive it.

Many organizations make the mistake of trying to solve security problems with either governance or infrastructure alone. But a balanced three-prong approach is key, allocating budgets in equal measure. Investing in employee training and awareness is as important as investing in infrastructure and governance. Do not assume everyone has even the basics down. Better to assume cyberhacks will be the rule, not the exception. For companies still unsure of the best route to take, schedule some time with a cybersecurity expert to develop a strategy that shines a light on all of the dark places.

 

KEYWORDS: cyber security remote workers risk management zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Sam rehman 2

Sam Rehman is SVP and Chief Information Security Officer for EPAM Systems. Rehman has more than 30 years of experience in software product engineering and security. Prior to becoming EPAM’s CISO, Rehman held a number of leadership roles in the industry, including Cognizant’s Head of Digital Engineering Business, CTO of Arxan, and several engineering executive roles at Oracle’s Server Technology Group. His first tenure at EPAM was as Chief Technology Officer and Co-Head of Global Delivery. Rehman is a serial entrepreneur, technology expert and evangelist with patented inventions in software security, cloud computing, storage systems and distributed computing. He has served as a strategic advisor to multiple security and cloud companies, and is a regular contributor in a number of security industry publications.

 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Man in suit looking out at city

    A CISO's perspective on the modern cybersecurity landscape

    See More
  • smartphone-app-development-freepik.jpg

    Why mobile app developers need to prioritize user data privacy and security — and what they can do to ensure it

    See More
  • cyber remote work

    Connected and protected: Identity management for enterprises in an era of zero trust

    See More

Related Products

See More Products
  • 150 things.jpg

    Physical Security: 150 Things You Should Know 2nd Edition

  • CPTED.jpg

    CPTED and Traditional Security Countermeasures: 150 Things You Should Know

  • Whitepaper-Social-Media-3.gif

    Optimizing Social Media from a B2B Perspective

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing