Everyone's Working from Home: What Are the Security Implications?

What are the security challenges of a fully remote, work-from-home workforce?

The coronavirus (COVID-19) pandemic has spread rapidly across the entire world in recent weeks. This has compelled many nations and organizations to take unprecedented actions to slow the virus' transmission. One measure being widely commanded or encouraged is remote work.

This urgent directive for telecommuting has forced organizations, many with little-to-no previous work-from-home policies in place, to massively increase their share of remote employees. Such a spontaneous shift is not without risk though, and, aside from the immediate technology and efficiency 'teething' problems that might arise, there's a more dangerous problem presenting itself: opportunistic cyberattackers.

Watch the 6 minute video below to discover key considerations for enabling a secure remote workforce. and learn the most efficient and effective solution for enabling secure work from home:

BeyondTrust's Bryan Hood, Director, Solutions Engineering, covers key remote work considerations and how to implement an efficient and effective solution for enabling secure work, even if it has to be stood up quickly.

The Remote Working Security Problem

The strain on networks, applications, and services structure caused by the shift from dedicated corporate offices to remote workspaces has stretched organizations beyond capacity to cope, meaning that yawning security gaps are appearing, and threat actors are all too quick to exploit the crisis.

There's already been many reports of coronavirus-related scams and phishing attacks across the globe, prompting the World Health Organization (WHO) to call the situation an “infodemic". This term characterizes the way in which people are bombarded with an overabundance of both accurate and inaccurate information that is circulating on the internet, making it hard to know who/what to trust.

Hackers have been ramping up exploits to capitalize on this situation, such as by spamming out phishing emails that purport to offer health advice from reputable organizations such as government and WHO. The City of London Police has also reported a 400% increase in Covid-19 related fraud within a month.

So, what can organizations do to mitigate these dangers? In this blog and short video, we highlight the four big remote working security considerations, and how to address them effectively, in rapid time.

"The easiest way for an employee to continue their job is to remote control the workstation that's back at their office. This is actually a great solution if you do it securely, but if the solution is a VPN and whatever free remote screen-sharing tool the employee can find, it's probably not going to work out very well."

Bryan Hood, Director, Solutions Engineering, BeyondTrust

Security Consideration 1: Bring Your Own Device (BYOD)

While corporate-deployed devices are robustly hardened and controlled, we now have a proliferation of users on personal devices--not hardened PC images inside the office and behind a firewall. The sudden, large-scale shift to remote work has necessitated a BYOD workforce for many organizations, but without the right policies or proper security controls in place. It's inevitable that employees will (at some point) be using their personal devices to either check emails or complete work tasks. And this all amounts to a very high risk when many of these unsecured devices are connecting to the corporate-issued VPN.

Security Consideration 2: Inability to Achieve Compliance

With the rush to get so many users set up and connected remotely, there is also a risk of misalignment with your own internal policies as well as external compliance initiatives. While this may not be a short-term concern, thinking about it long-term, it's crucial that we continue to meet the guidelines of mandates such as PCI, GDPR and HIPAA. The last thing organizations need on the horizon, after a time like this, is to be hit with hefty fines.

Security Consideration 3: Shadow IT

Leaving end users, quite literally, to their own devices (pun intended) for extended periods of time, will lead to them finding their own makeshift solutions and tools. These free tools are far from enterprise-grade, and while they may help different enable facets of productivity (i.e screensharing, messaging, file storing/sharing, etc.), they come with serious security shortcomings that could jeopardize company data and/or uptime. Some shadow IT is even embedded with spyware--in other words, your screensharing tool could be sharing far more than just a screen, and it could be sharing it with cyber criminals! This is why it's important for IT to provide an enterprise solution for its users, rather than leaving it to workers to make do with what they can find, which may inadvertently create back doors for hackers and malware among creating other issues.

Security Consideration 4: Privileged Remote Access

During this period, workers of all types will be required to do tasks remotely. This includes sysadmins, developers, vendors and other privileged users, who may also be forced to go BYOD. Due to the privileged and highly sensitive nature of their access and actions, this presents a substantive risk that should not be overlooked. Check out the video above for more detail around the proper protections you should be thinking about with regard to privileged credentials, privileged, sessions, vendor access, and more.