How to combat the security challenges of a remote workforce

March 24, 2021

The business repercussions of the coronavirus pandemic caught many organizations off guard last year. Forced to quickly transition employees to a work-from-home setup, employers were often ensnared by the security risks of a remote workforce. Security information site Cybersecurity Insiders describes the security challenges of working remotely and offers tips on how organizations can surmount them.

SEE: Working from home: How to get remote right (free PDF) (TechRepublic)

The “2021 State of Remote Work Security report” was produced by technology provider archTIS and its subsidiary Nucleus Cyber in collaboration with Cybersecurity Insiders. Based on a survey, the information in the report was derived from 289 security leaders and practitioners who are part of the Cybersecurity Insiders community.

Survey results

Among the respondents, more than half said that over 75% of their employees now work remotely, compared with a year ago when the same number said that only 25% of employees worked remotely. A full 90% said they expect their organizations to continue to maintain a remote workforce. But 79% of those surveyed expressed concerns over the security risks of working remotely.

Asked to name the specific concerns about securing a remote workforce, 79% pointed to network access, 60% to BYOD and the use of personal devices, 56% to the difficulties in securing applications and 51% to the challenges of managing devices.

A remote workforce creates more endpoints that can be vulnerable to security breaches. Some of the potential risks cited when users connect remotely included exposure to malware and phishing attacks, the access of data by unmanaged endpoints, the auditing of employees working from unmanaged resources and ensuring compliance of regulated users.

Such a quick shift to remote working among so many employees has triggered additional concerns. Among those surveyed, 68% expressed fears about data being leaked through endpoints, 59% were worried about users connecting with unmanaged devices, 56% pointed to network access from outside the perimeter without proper anti-malware protection and 45% were concerned about maintaining compliance with regulatory requirements.

The survey also asked respondents to identify specific factors that make remote work less secure. The responses pointed to such items as users who mix personal and business tasks on their work laptops, home users being more susceptible to phishing attacks, the organization lacking visibility into remote workers operating outside the network and furloughed users posing an increased risk of data theft.

Of course, professional security and IT staffers do take the necessary steps to protect their remote endpoints. A majority of respondents said they use antivirus/anti-malware software, firewalls and VPNs to properly secure work-from-home environments. Most use multifactor authentication, endpoint detection and response and anti-phishing tools. Many also said they use password management, backup and recovery technologies, file encryption and single sign-on.

“As with any cybersecurity measure, there is no single silver bullet that will completely eliminate the many potential vulnerabilities of maintaining a remote workforce,” Cybersecurity Insiders CEO and founder Holger Schulze told TechRepublic. “That said, we do believe some of the following recommendations can go a long ways towards protecting your remote workforce and the sensitive data that resides within the corporate network.”

Recommendations

Continuous training and education. Most large organizations will conduct episodic training and education for their workforce. But to make sure workers truly understand the various risks that come with remote work, you must deliver these programs on a continual basis. This is especially important in terms of phishing and ransomware attacks as threat actors always find novel ways to deceive their victims and impersonate trusted sources.
Harden remote Wi-Fi connection points. Whether it’s through a phony free Wi-Fi hot spot at the airport or a home connection with a poorly secured or open router, a hacker of modest capabilities can easily steal a legitimate user’s credentials. Educating and training users on safe remote connection practices is essential, as is adopting a Zero Trust network model or network segmentation to limit the resources an unauthorized user might see.
VPNs are a good start but not a cure-all. Used for almost two decades, VPNs provide an encrypted tunnel that securely connects a user to the network. However, VPNs can give a false sense of security to both the user and the organization as known vulnerabilities offer an attacker a way to piggyback onto the network without being detected. Zero Trust and
software-defined perimeters

are better ways to ensure that outside threat actors can’t see everything or escalate privileges on the network itself.
Don’t forget about data security. Whether sensitive data is being extracted by a malicious threat actor or accidentally or intentionally leaked by an insider, protecting sensitive data is more difficult with so many workers logging in from remote locations. Invest in attribute-based access controls technologies that can enforce fine-grained security at the file level.
Pay attention to third-party collaboration platforms. Applications like Microsoft Teams and Slack help keep us connected and productive. The organizations that use them often think they’re fully secure because they’re supported by large and well-funded vendors. But they’re as vulnerable as any other commercial application. You may never know that a remote worker’s credentials have been compromised until long after the sensitive data has left the network. A defense-in-depth approach that layers both network and file-level security tools is critical for protecting both your remote workers and your sensitive corporate assets.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Also see

Zoom vs. Microsoft Teams, Google Meet, Cisco WebEx and Skype: Choosing the right video-conferencing apps for you (free PDF) (TechRepublic)
Dark Web: A cheat sheet for professionals (TechRepublic)
Video teleconferencing do’s and don’ts (free PDF) (TechRepublic)
RFP templates and guidebook (TechRepublic Premium)
Remote working 101: Professional’s guide to the tools of the trade (ZDNet)
Tech history: Check out our coverage (TechRepublic on Flipboard)

Article source: https://www.techrepublic.com/article/how-to-combat-the-security-challenges-of-a-remote-workforce/#ftag=RSS56d97e7

In the steps of the Pharaoh: five things you may not know about the Suez canal

Justice League: Bella Thorne says her brother is a ‘day one Snyder fan’

How to combat the security challenges of a remote workforce

Survey results

Recommendations

Cybersecurity Insider Newsletter

Also see

Related News

Search

Top Development Company

Breaking news

Girl, 11, Allegedly Sexually Harassed In Private School In Delhi

Free Medical Facilities Up To Rs 25 Lakh In Government Hospitals: Ashok Gehlot

Priyanka Gandhi Meets Protesting Wrestlers, Calls For WFI Chief Brij Bhushan`s Ouster

Slain IAS Officer G Krishnaiah`s Wife Moves SC Against Anand Mohan`s Release

I Have Shut All Sources of Corruption for Congress, Says PM Modi in Poll-bound Karnataka

Modi in Karnataka: People Shower Flower Petals on PM During Mega Roadshow in Bengaluru | WATCH

Mukhtar Ansari Convicted In Kidnapping, Murder Case, Jailed For 10 Years

After Rahul Gandhi, Another Lok Sabha MP Set To Lose Membership

How to combat the security challenges of a remote workforce

Survey results

Recommendations

Cybersecurity Insider Newsletter

Also see

Share this:

Related News

Search

Top Development Company

Breaking news