Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityPhysicalSecurity & Business Resilience

Adjusting remote work polices in the future will prepare companies for next wave of threats

By Richard Bird
Adjusting remote work polices in the future will prepare companies for next wave of threats
August 4, 2021

A post-mortem on corporate America’s response to security challenges posed by the pandemic would likely reveal two unfortunate trends. Too many companies refused to change their security strategies in response to the new remote workforce reality. As a result, they are ill-prepared to deal with the coming wave of new post-pandemic security threats that were conceived due to their obstinance. 

The underlying issue is many companies failed to question the potential risk each employee could create in their hastily reformulated work-from-home model. They didn’t evaluate how employee behaviors could change during quarantine, unintentionally or otherwise.

Consider, for example, how some investment banks experienced a breakdown in having traders and analysts apart. Outside of the controls of the physical corporate environment, the avenues and opportunities to talk to each other suddenly became much easier. Some traders and analysts started communicating electronically from their home offices, putting the bank at serious legal risk from federal regulators for sharing information between departments. Understanding which employees were risky or less risky really came into play with COVID.

Companies also struggled to deal with the huge inefficiencies of employees leaving or joining the company in a fully remote world. Clinging to paper-based workforce processes of government agencies like Social Security, the U.S. Treasury or Immigration was particularly inefficient. The business world experienced massive problems in getting people to work because they were unprepared to deal with physical things like employees’ drivers licenses, passports and other records to confirm identities. Companies with large employee bases were especially hard-hit and unprepared. While there were technical alternatives for handling employee identities, companies simply refused to change their normal business processes.

The business world didn’t do a good job at evaluating where and how they were spending on security capabilities as well, and whether those investments were delivering a good ROI. Remote work triggered a surge in VPN spending during the pandemic to allow employees to securely connect to corporate networks over the public Internet, for example. But many companies failed to consider the huge strains it could place on their network infrastructure, or how those VPN connections could expose more network resources to remote workers than they typically should have access to. They refused to remedy the excessive access employees had to corporate data, even after they left the confines of the office.

The Next Wave of Cybercrime

One outcome of companies failing to change their ways during the pandemic was a massive uptick in insider-based cyberthreats and crimes. COVID created an environment of financial stress and economic uncertainty for many employees. Company loyalty waned, and employee churn increased. And many companies weren’t prepared to deal with the potential fallout, such as the disgruntled IT contractor who deleted his employers entire Microsoft Active Directory when he was fired.

We also saw a spike in employees with excessive access privileges get hacked, exposing the company to outsider-based cybercrime. Since COVID, we’ve seen a 47% jump in the severity of ransomware attacks, 35% increase in funds transfer fraud, and a 67% increase in business email attacks, to cite just a few statistics.

Unemployment fraud, which usually targets government agencies, has evolved as well. It is now being redirected back to companies. We started seeing a correlation between unemployment fraud scams and an escalation in executive spear-phishing campaigns. This activity suggests that the bad guys didn’t just file unemployment claims for people who are still on the payroll, they are aggregating and using that information to execute large-scale business email fraud scams against companies.

Employees are brilliant unintentional hackers. When something stands in the way of success in doing their work or completing their assignments, they will find a way around that obstacle. Whether it be using poorly protected personal devices to conduct corporate business because it was "easier", transferring sensitive data to those same personal devices, or not resolving home security weaknesses like personal routers and modems, the bad guys have been accumulating mountains of data about user behaviors and devices. It’s an important consideration because it means that all the fraud that has given rise during COVID is going to propagate into additional fraud that will plague companies in the post-pandemic world. The fraudsters have a wealth of new information, and they are going to exploit it in the months and years ahead.

Steps to Take

While my assessment sounds dire, there are a number of steps companies can take to better prepare and protect themselves from the next-generation of post-COVID cyberthreats. First, treat employee identity and access control as a real cybersecurity control. Employees may be a company’s greatest strength, but as exemplified in the case of COVID, they could also be the greatest weakness. They now present a much broader spectrum of risk to the company than ever before.

Next, know your people. It sounds like common sense, but you’d be surprised at how big this gap has become. Companies have more than their full-time employees to deal with; they have contractors, partners, and other connection points. Hiring during COVID exacerbated the problem by keeping new hires away in remote work environments. Many companies simply don’t know who they are dealing with. New technologies are available that let companies understand who works for them, and what they can access.

Finally, leverage other technical capabilities to reduce risk, such as multi-factor authentication, step-up authorization, etc. And then break free of your company’s reliance on VPNs to provide remote access and instead employ zero-trust architectures to restrict all users at all times.

KEYWORDS: coronavirus COVID-19 cyber security cyber threats regulatory compliance risk and resilience

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Richard Bird is Chief Customer Information Office at Ping Identity.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • insider threats

    Combating insider threats in the age of remote work

    See More
  • Ireland businesses ready for second wave of COVID, complaince security officers are in demand

    Forty percent of Ireland businesses prepare for second COVID-19 wave; Security professionals' skills more in demand

    See More
  • Relay runner

    How to prepare for the evolution of threats surrounding major events

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing