What are the security challenges of a fully remote, work-from-home workforce?
The coronavirus (COVID-19) pandemic has spread rapidly across the entire world in recent weeks. This has compelled many nations and organizations to take unprecedented actions to slow the virus' transmission. One measure being widely commanded or encouraged is remote work.
This urgent directive for telecommuting has forced organizations, many with little-to-no previous work-from-home policies in place, to massively increase their share of remote employees. Such a spontaneous shift is not without risk though, and, aside from the immediate technology and efficiency 'teething' problems that might arise, there's a more dangerous problem presenting itself: opportunistic cyberattackers.
Watch the 6 minute video below to discover key considerations for enabling a secure remote workforce. and learn the most efficient and effective solution for enabling secure work from home:
The Remote Working Security Problem
The strain on networks, applications, and services structure caused by the shift from dedicated corporate offices to remote workspaces has stretched organizations beyond capacity to cope, meaning that yawning security gaps are appearing, and threat actors are all too quick to exploit the crisis.
There's already been many reports of coronavirus-related scams and phishing attacks across the globe, prompting the World Health Organization (WHO) to call the situation an “infodemic". This term characterizes the way in which people are bombarded with an overabundance of both accurate and inaccurate information that is circulating on the internet, making it hard to know who/what to trust.
Hackers have been ramping up exploits to capitalize on this situation, such as by spamming out phishing emails that purport to offer health advice from reputable organizations such as government and WHO. The City of London Police has also reported a 400% increase in Covid-19 related fraud within a month.
So, what can organizations do to mitigate these dangers? In this blog and short video, we highlight the four big remote working security considerations, and how to address them effectively, in rapid time.
"The easiest way for an employee to continue their job is to remote control the workstation that's back at their office. This is actually a great solution if you do it securely, but if the solution is a VPN and whatever free remote screen-sharing tool the employee can find, it's probably not going to work out very well."
Security Consideration 1: Bring Your Own Device (BYOD)
While corporate-deployed devices are robustly hardened and controlled, we now have a proliferation of users on personal devices--not hardened PC images inside the office and behind a firewall. The sudden, large-scale shift to remote work has necessitated a BYOD workforce for many organizations, but without the right policies or proper security controls in place. It's inevitable that employees will (at some point) be using their personal devices to either check emails or complete work tasks. And this all amounts to a very high risk when many of these unsecured devices are connecting to the corporate-issued VPN.
Security Consideration 2: Inability to Achieve Compliance
With the rush to get so many users set up and connected remotely, there is also a risk of misalignment with your own internal policies as well as external compliance initiatives. While this may not be a short-term concern, thinking about it long-term, it's crucial that we continue to meet the guidelines of mandates such as PCI, GDPR and HIPAA. The last thing organizations need on the horizon, after a time like this, is to be hit with hefty fines.
Security Consideration 3: Shadow IT
Leaving end users, quite literally, to their own devices (pun intended) for extended periods of time, will lead to them finding their own makeshift solutions and tools. These free tools are far from enterprise-grade, and while they may help different enable facets of productivity (i.e screensharing, messaging, file storing/sharing, etc.), they come with serious security shortcomings that could jeopardize company data and/or uptime. Some shadow IT is even embedded with spyware--in other words, your screensharing tool could be sharing far more than just a screen, and it could be sharing it with cyber criminals! This is why it's important for IT to provide an enterprise solution for its users, rather than leaving it to workers to make do with what they can find, which may inadvertently create back doors for hackers and malware among creating other issues.
Security Consideration 4: Privileged Remote Access
During this period, workers of all types will be required to do tasks remotely. This includes sysadmins, developers, vendors and other privileged users, who may also be forced to go BYOD. Due to the privileged and highly sensitive nature of their access and actions, this presents a substantive risk that should not be overlooked. Check out the video above for more detail around the proper protections you should be thinking about with regard to privileged credentials, privileged, sessions, vendor access, and more.
Explore BeyondTrust Solutions
Secure Remote Access solutions:
- Privileged Remote Access for employees and vendors
- Remote Support for IT service desks.
Endpoint Privilege Management solutions:
Contact BeyondTrust to learn more.
Related Blogs
Is Your Workforce Going Remote? – Why VPNs and Personal Computers (BYOD) Should Never Mix
Coronavirus is Stress Testing Remote Access: How to Make Telework Safe, Secure, & Productive
IT Considerations for Supporting Remote Workers due to the Coronavirus Epidemic
How to Secure Remote Access for Vendors & Employees: 10 Tips
Bryan Hood, Director of Solutions Engineering
As Director of Solutions Engineering at BeyondTrust, Bryan and his team work closely with both prospects and customers to evaluate their needs for securing access to users and business critical systems, while still enhancing IT productivity. He consistently speaks about benefits of securing remote access and privileged access for numerous trade shows and while visiting clients. Prior to joining BeyondTrust, Bryan worked as a Senior System Engineers and Messaging Architect for several large corporations, and also worked as a contractor to the Department of Defense in these roles. With more than 20 years of experience, he helps drive efficiency, productivity, and security through assisting with installation and helping clients maximize on their BeyondTrust investment.
