
12 risks and how to prevent them

Remote work is now a standard option for most professionals, but the growing popularity of working from anywhere has led to a corresponding rise in cybersecurity incidents.

Remote work during the COVID-19 pandemic has led to a 238% increase in cyber attacks, according to a March 2022 report by Alliance Virtual Offices, which provides services to the remote workforce. And Gartner’s “Top 7 Cybersecurity Trends for 2022” named the expanding attack surface that has come with remote work and the growing use of public cloud as a major area of concern for cybersecurity. Trends like these have made security improvements for remote workers and risk-based vulnerability management the “most urgent projects” in 2022 for 78% of CISOs surveyed by security software provider Lumu Technologies.

How does remote work affect cybersecurity?

A remote work environment can increase the risk of a data breach or other cyberattack for several reasons, according to multiple security experts. Remote work, especially remote work at scale, greatly increases the potential attack surface that must be protected.

Gartner reported that 60% of knowledge workers are remote and at least 18% will not return to the office. “These changes in the way we operate, along with greater use of the public cloud, highly connected supply chains and the use of cyber-physical systems,” Gartner warned, “have revealed new and challenging attack ‘surfaces’.”

Remote workers sometimes further widen the attack surface – and increase the risk – by introducing unauthorized technology. “There was growth in shadow IT as home workers bought in [technology] that might not be sanctioned by IT, but they had to do their job,” said Sushila Nair, vice president of security services at NTT Data Services and a member of the emerging trends task force at IT management professional association ISACA. And because the technology can go unnoticed by IT, she added, shadow IT often lacks the security and protection checks it needs.

Remote work has not only expanded the potential attack surface, but also moved it beyond the conventional perimeter defenses, such as firewalls and intrusion detection systems, that organizations have traditionally built to thwart ransomware attacks, data breaches and other types of cybercrime.

“They used to protect the castle, but now people don’t work inside the castle,” said Ed Skoudis, president of the SANS Technology Institute. “They’re on the field, so those defenses don’t protect them out there. We’ve been saying for years that the network perimeters we’ve built are breaking down because of things like wireless and cloud, but then COVID came along and blew it all up.”

What’s more, cybercriminals are taking advantage of the shift to remote work environments by exploiting vulnerabilities in the infrastructure that enables remote work and adjusting how they target workers themselves. “The attackers have noticed,” Skoudis added. “They’re really focused on attacking domestic workers because they’re no longer protected in these enclaves that organizations have built up over the last 30 years.”

Remote security risk factors
Increased workloads, cloud deployments, talent shortages, overstretched staff, vulnerable networks, access irregularities, sophisticated attackers and worker habits can all contribute to remote security issues.

The most common cybersecurity risks when working remotely

The cybersecurity risks associated with remote work are many and varied, including expanded attack surfaces, security skills shortages, vulnerable networks, cloud infrastructures, and employee work habits.

1. Expanded attack surfaces

With more employees working remotely, organizations simply have more endpoints, networks, and software to protect, all of which significantly increases the workload on security departments that are often overburdened.

2. Lack of security talent

Staffing challenges in some organizations can lead to delays in adequately providing for remote workers. In its 2022 Cybersecurity Skills Gap Global Research Report, network security vendor Fortinet revealed that 60% of the 1,223 IT and cybersecurity leaders surveyed said they are struggling to recruit cybersecurity talent, and 52% are struggling to retain qualified workers, while 67% admit that a shortage of qualified cybersecurity candidates poses greater risks to their organizations.

3. Less monitoring by security officers

“Workers don’t have cybersecurity teams to monitor what’s happening on the home network,” Skoudis said. By its very nature, telecommuting moves some system access, network traffic and data outside the conventional perimeters of the corporate technology environment and the security monitoring of that environment. Companies typically cannot extend monitoring to all endpoints and across all networks that now support remote work environments, Skoudis explained.

4. Bad data practices and procedures

Workers may, for a variety of reasons, download sensitive information to their local devices that may or may not be encrypted, said Scott Reynolds, senior director of enterprise cybersecurity at ISACA. For efficiency reasons, they may also share sensitive company data over unsecured channels, such as unencrypted emails or files, without realizing the risks involved.

5. Susceptibility to Phishing Attacks

Phishing “continues to be a persistent, pervasive threat,” Reynolds said, “and all it takes is one person clicking on something they shouldn’t for something to happen.” The risk increases in remote settings as workers become more dependent on email and less suspicious of a well-designed phishing email disguised as a legitimate business request.

6. Unsecured and Vulnerable Hardware

The sudden shift to remote work at the start of the pandemic means many workers are using their personal devices to do their jobs, regardless of whether they have the skills to ensure their home routers, laptops and smartphones are properly updated and adequately protected, said Glenn Nick, associate director of cybersecurity incident response at consulting services provider Guidehouse.

Impact of COVID-19 on Cybersecurity
Many of today’s remote cybersecurity challenges can be traced back to the beginning of the pandemic.

7. Unsecured and Vulnerable Networks

Telecommuting also increases the chance that employees will use unsecured networks, such as public Wi-Fi. Even home networks are often vulnerable to attacks. “People are housed at home and working in an environment that they don’t have the technical expertise to provide,” Nick explained. “They may be told to update their routers or use a VPN, but they may not have the technical expertise to do so. And at the same time, you have nation states attacking home routers and home network devices.” The threat is so significant that the US Cybersecurity and Infrastructure Security Agency (CISA) highlighted the risk in a June 2022 warning.

8. Unsecured corporate network

CISA also noted that hackers are targeting a wide range of networks, including by exploiting vulnerabilities in the corporate network equipment used to enable remote work.

9. Vulnerabilities in underlying technologies

Companies need to be aware of the technologies that enable remote work. “There is a huge amount of vulnerabilities found in remote work support solutions,” Skoudis warned.

10. Misconfigurations in the public cloud

The cloud is a key technology for remote work, but it also brings risks. One such risk lies in misconfigurations, especially related to access. Organizations can inadvertently grant users too much access or fail to implement access controls. According to the 2022 Cloud Security Report from network security software provider Check Point Software Technologies, more than a quarter of information security professionals surveyed say their organizations have experienced a security incident on public cloud infrastructure in the past year and incorrect security configurations were the leading cause.

11. Webcam Hacking and Zoombombing

Businesses have increased their use of video conferencing and other online collaboration platforms, and so have hackers. Cybercriminals can sabotage or disrupt online conferences or move undetected to obtain information, such as private data or corporate emails, that they can use to their advantage, Skoudis said.

12. Sophisticated Socially Engineered Attacks

Hackers are becoming increasingly sophisticated in taking advantage of the corporate shift to remote work environments. “[D]espite defenders’ best efforts,” read the 2022 Social Engineering Report from security software vendor Proofpoint, “cybercriminals continue to succeed in exploiting the human element to realize financial gain.”

Cybersecurity Best Practices for Remote Work

Proofpoint’s assessment reflects the longstanding acknowledgment that nothing is 100% secure. But companies that follow security best practices can dramatically reduce their chance of suffering a costly and sometimes devastating cyber attack:

  • Implement basic security controls. Remote employees, Nick advised, should use virtual private networks to access corporate systems, ensure that devices accessing the corporate network have anti-virus software and follow a strong password policy that requires unique passwords for different sites. Experts also recommend using encryption to protect sensitive data and cloud-based file sharing to keep data off work devices.
  • Strengthen the corporate data protection program. “Know where your digital information is,” Reynolds said, “what information you’re collecting, where your crown jewels are stored, and what you’re doing to protect the data.”
  • Establish a strong vulnerability management program. Use a risk-based approach to quickly address the vulnerabilities that pose the highest risk and reduce the total number of unpatched vulnerabilities that hackers can exploit.
  • Review existing threat detection and incident response programs. “They need to be updated,” suggested Nick, “to meet current threats and the current environment.”
  • Implement and advance a zero trust framework. All users and devices should be required to verify that they are authorized to access the corporate environment.
  • Implement User Behavior Analysis (UBA). A key component of zero trust, UBA uses machine learning and data science to identify and understand a user’s typical pattern of accessing corporate systems and flag suspicious activity that could indicate a user’s credentials have been compromised.
  • Ensure correct cloud configurations and access. Misconfigurations are a leading cause of security incidents in public cloud infrastructures. Take measures to eliminate malfunctions, omissions or errors that could put the work environment at risk during cloud migration and operations, and establish reasonable user access controls.
  • Establish an ongoing security awareness program. Educate users about potential new security threats and the steps needed to keep the organization safe. “It all comes down to consumer awareness,” Skoudis noted, “because if you do all the other things but don’t tell consumers how to stay protected, you’re going to be in trouble.”
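
The UBA practice in the list above (learn a user's typical access pattern, then flag deviations that may indicate compromised credentials) can be sketched as follows. This is an added example, not from the article or any vendor product: a simple frequency baseline stands in for the machine-learning model the text mentions, and the users, networks, devices and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login history: (user, hour_utc, network, device)
HISTORY = [
    ("alice", 8, "home-isp", "laptop-01"), ("alice", 9, "home-isp", "laptop-01"),
    ("alice", 9, "corp-vpn", "laptop-01"), ("alice", 10, "home-isp", "laptop-01"),
    ("alice", 17, "home-isp", "laptop-01"), ("alice", 8, "corp-vpn", "laptop-01"),
    ("bob", 22, "home-isp", "laptop-07"), ("bob", 23, "home-isp", "laptop-07"),
    ("bob", 0, "home-isp", "laptop-07"), ("bob", 23, "mobile", "phone-02"),
]

def build_baselines(history):
    """Learn each user's typical login hours, networks and devices."""
    base = defaultdict(lambda: {"hours": [], "networks": set(), "devices": set()})
    for user, hour, network, device in history:
        base[user]["hours"].append(hour)
        base[user]["networks"].add(network)
        base[user]["devices"].add(device)
    return base

def hour_is_unusual(hour, seen_hours, window=2, min_share=0.1):
    """True if under min_share of past logins fall within +/-window hours.
    Distance is circular, so 23:00 and 00:00 are one hour apart."""
    near = sum(1 for h in seen_hours
               if min((h - hour) % 24, (hour - h) % 24) <= window)
    return near / len(seen_hours) < min_share

def score_event(base, user, hour, network, device):
    """Return (score, reasons); each deviation from the baseline adds a point."""
    if user not in base:
        return 3, ["no baseline for user"]
    b, reasons = base[user], []
    if device not in b["devices"]:
        reasons.append("new device")
    if network not in b["networks"]:
        reasons.append("new network")
    if hour_is_unusual(hour, b["hours"]):
        reasons.append("unusual hour")
    return len(reasons), reasons

def flag(base, events, threshold=2):
    """Events at or above the threshold go to step-up authentication or review."""
    scored = [(ev, score_event(base, *ev)) for ev in events]
    return [(ev, reasons) for ev, (score, reasons) in scored if score >= threshold]

BASE = build_baselines(HISTORY)
NEW_EVENTS = [  # constructed events to score against the baseline
    ("alice", 9, "home-isp", "laptop-01"),      # matches baseline
    ("alice", 3, "unknown-isp", "desktop-99"),  # new device, network and hour
    ("bob", 23, "hotel-wifi", "laptop-07"),     # single deviation, e.g. travel
]
FLAGGED = flag(BASE, NEW_EVENTS)
```

Requiring two or more deviations keeps a single change, such as a known laptop on hotel Wi-Fi, from raising an alert, while a login from a new device on a new network at an unusual hour is flagged.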