In response to the COVID-19 pandemic, many organizations around the globe rapidly took health and safety precautions by supporting a remote workforce. Over the last several months, the conversation around moving towards a remote workforce more permanently, beyond COVID-19, has been considered by some organizations. Gartner’s recent CFO study revealed that 74% of those surveyed will move at least 5% of their previously on-site workforce to permanently remote positions post-COVID-19 [1]. While it is imperative to adapt to these current trends of remote work, protecting against cyberattacks is more important than ever. Here are three security trends IT teams should be aware of when it comes to security threats in a remote workforce.
Connecting the workforce securely
Being able to stay connected at all times from anywhere in the world is a necessity now that organizations operate with and support a remote workforce. Organizations don’t always have a way to gather live reporting on security events or have solutions that can aid in active management and protection of their users, devices, and applications. With the use of a VPN, employees can securely connect to their office’s network regardless of where they’re located. However, VPNs are highly vulnerable to cyber threats. In an evaluation of VPNs, Forbes concluded that “18% of the VPNs tested contained potential malware or viruses, 85% featured excessive permission or functions that could put a user’s privacy at risk, and 25% exposed a user’s traffic to leaks” [2]. It is essential that IT teams have a way to monitor all security events while also having remediation processes in place if a threat does occur.
Protecting against increased security vulnerabilities
With a physically scattered workforce, online attackers have more opportunities to invade and harm an organization’s users and internal network. Cyber attackers are taking advantage of the COVID-19 crisis and have found new ways of infiltrating an entity’s infrastructure. As a result of the remote workforce, there has been an increase in email and voice traffic. According to Netscout, there was an instant 25% to 35% increase in internet traffic since the start of COVID-19 [3]. With this in mind, cyber attackers are using creatively titled COVID-19 emails that seem to be coming from legitimate health sources or pandemic reports. Similarly, voice and SMS phishing attacks are also on the rise as remote workers use personal devices to hold conference calls or confirm multifactor authentication. It is a natural tendency for users to open an email or accept a call or text that seems harmless because indications of dangerous content are not obvious. Additionally, some IT teams may not have the resources or established processes to combat these challenges at the scale currently seen.
Safeguarding business applications and sensitive data
Currently, there is an increase in dependency on remote work applications and services. Traffic from communication and collaboration applications like Office 365, WebEx, Zoom, and Slack (just to name a few) has skyrocketed. This leaves an organization’s assets to be more vulnerable. This also means there are more ways for cybercriminals to attack and jeopardize sensitive data, such as credit card data for financial institutions or patient information for healthcare entities. As evidence, T-Mobile took the action of moving 12,000 call-center employees to a remote work set-up. Employers like T-Mobile worked hard to ensure their call-center workers were provided with the relevant tools to provide their customers with the same level of service while working remotely. Many organizations’ trustworthiness and success rely on being compliant with standard regulations like HIPAA or PCI, and so it is no surprise that security is in need of immediate attention. It is therefore imperative that organizations implement more security solutions to protect all applications used to process customer transactions, such as billing and returns, which now happens in the homes of remote employees.
With remote work, employees are now working from anywhere in the world, and IT teams face a greater security challenge to protect and keep their users, infrastructure, and customer data safe from malicious threats. Everyone expects to stay connected at all times, and have secure access to services and tools in order to be productive and successful while working remotely. Behind the scenes, IT teams have the challenge of ensuring security at every point in the network and with every customer interaction. Being cognizant of where potential threats could be coming from is the first step to a more secure remote work environment.
To learn more about how you can manage security vulnerabilities and explore solutions, visit our remote work page for additional resources.
Sources:
[1] Gartner 2020 CFO Remote Work Post-COVID Survey
[2] Too Many VPNs Put Our Privacy and Security at Risk