Remote and hybrid work became a new normal during the COVID-19 pandemic. If your organization faces this reality, you must ensure you have the capacity to support all remote access needs, so employees can access business-critical applications, collaborate with each other, and perform their normal day-to-day business needs — while keeping the network and devices secure. You must deal with a whole new host of challenges — and an increased need for strong endpoint security.
Remote workforces mean many more data-using employees are now outside a secure corporate network and need stronger endpoint security strategies deployed to keep data safe
Employees and contractors are now connecting to enterprises via home networks — often with no firewalls to protect their connection. This means security teams, already stretched thin, now must monitor and protect more devices —remotely. To complicate matters even more, remote work means more employees are using their personal devices to access corporate data. A report from HP Wolf Security found that 75% of office workers say that COVID-19 blurred the lines between their personal and professional lives — especially with the devices they use. Result: many employees now use the same device for both leisure and work — and even share devices with members of the household. “Bring Your Own Device” (BYOD) means employees add levels of security risk as they work.
The devices employees use to access business-critical data are sometimes the same ones they are using to download games, stream videos, or lend to their children for online studying.
The dangers of BYOD policies are many
Securing the increased number of devices accessing corporate data — especially employees’ own personal devices not corporate-owned — can be difficult. With 71% of employees claiming they access more company data more frequently from home now than they did pre-pandemic, there are plenty of endpoints for hackers to attack.
It’s not a minor threat: 51% of IT decision makers have seen evidence of compromised personal devices being used to access corporate and customer data. Even printers are not safe — 45% of IT decision-makers say they’ve seen employees’ home printers used to launch attacks.
Remote work is here to stay — and companies must deploy strategies, processes, policies, and tools to increase endpoint securityAround two-fifths of officer workers expect to be mainly working remotely post-pandemic — or at the very least in a hybrid model between home and office. Now that employees have had a taste of working from home, many do not want to go back to the office full time.
- How data should be transferred to company servers
- How often corporate data should be deleted
- How corporate data should be stored
- How to encrypt and secure corporate data
- Which data and applications can be processed
In addition to creating these policies, IT security teams must address these common remote work security threats:
- Unsecured networks: IT security teams need to train remote staff on the threats from using their home Wi-Fi networks, where many people leave their Wi-Fi passwords to be protected by factory-default passwords — or worse, no passwords. Cyber criminals can easily set up “evil twin” access points that can fool users into connecting to them to steal sensitive data. IT security teams must ensure remote workers change Wi-Fi passwords, update firmware, and use strong encryption to keep connections secure.
- Phishing and malware: Employees need to be trained and alerted to the dangers of phishing and malware — implore them to check for encrypted website connections, verify site ownership, and avoid storing sensitive information on untrusted websites. Make sure they use extreme caution with any unfamiliar sites asking for login information — and never click on links or download attachments from untrusted sources.
- Unpatched Virtual Private Networks: Cybercriminals are using advanced methods to scan for unpatched VPNs with known vulnerabilities — giving them another on-ramp onto corporate networks. IT teams must ensure VPNs have been properly patched and use authentication to regulate access to corporate resources.