Cybersecurity when working remotely: 12 risks and how to avoid them
Remote work is now a standard option for most professionals, but the increasing popularity of working from anywhere has led to a corresponding increase in cybersecurity incidents.
According to a March 2022 report from Alliance Virtual Offices, a provider of remote workforce services, remote work led to a 238% increase in cyberattacks during the COVID-19 pandemic. And Gartner's "Top 7 Cybersecurity Trends for 2022" identifies the expansion of the attack surface associated with remote work and increased use of the public cloud as a key area of cybersecurity concern. Trends like these have made security improvements for remote workers and risk-based vulnerability management the "most urgent projects" in 2022 for 78% of CISOs surveyed by security software provider Lumu Technologies.
How does remote work impact cybersecurity?
A remote work environment can increase the risk of a data breach or other cyberattack for several reasons, according to several security experts. Remote work, especially large-scale remote work, significantly increases the potential attack surface that needs to be protected.
Gartner reports that 60% of knowledge workers work remotely and at least 18% will not return to the office. "These changes in the way we work, along with increased use of the public cloud, highly connected supply chains and the use of cyber-physical systems," Gartner warned, "have created new and difficult attack surfaces."
Remote employees sometimes expand the attack surface - and increase risk - by introducing unauthorized technology. "Shadow IT has increased as employees working from home purchase [technology] that may not have been approved by the IT department but that they need to do their jobs," said Sushila Nair, Vice President of Security Services at NTT Data Services and member of the Emerging Trends Working Group at the IT governance association ISACA. And because the technology may not be recognized by the IT department, she added that shadow IT often does not provide the necessary security auditing and protection.
Not only does remote work increase the potential attack surface, it also moves work outside the conventional protections, such as firewalls and intrusion detection systems, that organizations have traditionally put in place to defend against ransomware attacks, data breaches and other types of cybercrime.
"These systems protected the castle, but now people no longer work inside the castle," said Ed Skoudis, president of the SANS Technology Institute. "They're out in the field, so these protections don't protect them there. We've been saying for years that the network boundaries we built are dissolving because of things like wireless and cloud, but then COVID came along and blew everything up."
Additionally, cybercriminals are taking advantage of the shift to remote work environments by exploiting vulnerabilities in the infrastructure that enables remote work and optimizing their attacks on employees themselves. “The attackers noticed this,” Skoudis continued. “They are focused on attacking home workers because they are no longer protected in these enclaves that companies have built over the last 30 years.”
The most common cybersecurity risks when working remotely
The cybersecurity risks associated with remote work are varied and include expanded attack surfaces, a lack of security knowledge, vulnerable networks, cloud-based infrastructure and employee work habits.
1. Increased attack surfaces
As more employees work remotely, companies need to secure more endpoints, networks, and software, significantly increasing the workload of often overburdened security departments.
2. Lack of security personnel
Staffing issues in some organizations may result in delays in adequately securing remote workers. In its "2022 Cybersecurity Skills Gap Global Research Report," network security provider Fortinet said 60% of the 1,223 IT and cybersecurity executives surveyed are having difficulty recruiting cybersecurity talent and 52% are having trouble retaining qualified employees. In addition, 67% admitted that the lack of qualified cybersecurity candidates poses greater risks to their companies.
3. Less oversight by security staff
“Workers don’t have cybersecurity teams monitoring what’s happening on the home network,” Skoudis said. By their nature, some system access, network traffic and data reside outside the conventional boundaries of the enterprise's technological environment and the security monitoring within that environment. Companies generally cannot extend monitoring to all endpoints and networks that support remote work environments, Skoudis explains.
4. Poor data practices and procedures
Employees download sensitive information to their local devices, which may be encrypted or unencrypted, for a variety of reasons, said Scott Reynolds, senior director of enterprise cybersecurity at ISACA. For efficiency reasons, they may also share sensitive company data through unsecured channels such as unencrypted emails or files without realizing the risks involved.
5. Vulnerability to phishing attacks
Phishing "is still a persistent, ever-present threat," says Reynolds, "and all it takes is one person clicking on something they shouldn't to get something." The risk is even greater with remote access because employees depend more on email and may be less suspicious when a sophisticated phishing attack is disguised as a legitimate business inquiry.
6. Unsecured and vulnerable hardware
The sudden shift to remote work at the start of the pandemic meant many workers were using their personal devices for work, regardless of whether they had the ability to ensure their home routers, laptops and smartphones were properly updated and adequately secured, according to Glenn Nick, Associate Director of Cybersecurity Incident Response at consulting service provider Guidehouse.
7. Unsecured and vulnerable networks
Remote work also increases the likelihood that employees will use unsecured networks, such as public Wi-Fi. Even home networks are often vulnerable to attacks. “Employees are working at home in an environment that they don’t have the technical knowledge to secure,” explains Nick. "They may be told to update their routers or use VPNs, but they don't have the technical knowledge to do it. And at the same time, there are attacks by nation states on home routers and home networking devices." The threat is so great that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted this risk in a June 2022 alert.
8. Unsecured corporate network
CISA also noted that hackers are targeting a wide range of networks, including vulnerabilities in companies' network equipment used for remote work.
9. Vulnerabilities in enabling technologies
Companies need to be aware of the technologies that enable remote working. “There are a tremendous number of vulnerabilities that have been found in solutions supporting remote work,” warned Skoudis.
10. Misconfigurations in the public cloud
The cloud is an important technology for remote work, but it also carries risks. One such risk lies in misconfigurations, particularly related to access. Companies may inadvertently give users too much access or fail to implement access controls. According to the "2022 Cloud Security Report" from network security software provider Check Point Software Technologies, more than a quarter of information security professionals surveyed said their organizations experienced a public cloud infrastructure security incident in the past year, with security misconfigurations being the primary cause.
11. Webcam hacking and Zoombombing
Companies are using video conferencing and other online collaboration platforms more and more often, and the same applies to hackers. Cybercriminals can sabotage or disrupt online conferences or stealthily gain access to information such as proprietary data or corporate emails that they can then use to their advantage, Skoudis said.
12. Sophisticated social engineering attacks
Hackers are becoming increasingly sophisticated in capitalizing on companies' shift to remote work environments. “Despite the best efforts of defenders,” according to security software provider Proofpoint's “2022 Social Engineering Report,” "cybercriminals continue to be successful at exploiting the human element for financial gain."
Cybersecurity best practices for remote work
Proofpoint's assessment reflects the long-standing recognition that nothing is 100% secure. But companies that follow best security practices can dramatically reduce their risk of a costly and sometimes devastating cyberattack:
- Implement basic security controls. Nick advised remote workers to use virtual private networks to access company systems, ensure devices accessing the company network are equipped with antivirus software, and follow a strict password policy that requires unique passwords for different locations. Experts also recommended using encryption to protect sensitive data and sharing files in the cloud to keep data off employees' devices.
- Strengthen the company's privacy program. “You should know where your digital data is,” says Reynolds, “what information you collect, where your crown jewels are stored, and what you are doing to protect the data.”
- Create a robust vulnerability management program. Use a risk-based approach to quickly remediate the highest-risk vulnerabilities and reduce the total number of unpatched vulnerabilities that hackers could exploit.
- Review existing threat detection and incident response programs. “They need to be updated,” Nick suggested, “to reflect the current threats and environment.”
- Implement and further develop a zero trust framework. All users and devices should be required to verify that they are authorized to access the corporate environment.
- Use user behavior analysis (UBA). A key component of zero trust, UBA leverages machine learning and data science to identify and understand a user's typical access pattern to corporate systems and detect suspicious activity that could indicate a user's credentials have been compromised.
- Ensure the right cloud configurations and access. Misconfigurations are a leading cause of security incidents in public cloud infrastructure. Take measures to eliminate glitches, gaps, or errors that could put the work environment at risk during cloud migration and operations, and establish meaningful user access controls.
- Create an ongoing security awareness program. Educate users about potential new security threats and the steps necessary to protect the organization. “It all comes down to user awareness,” says Skoudis, “because if you do all the other things but don’t tell users how to stay safe, you’re going to have problems.”
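
The user behavior analysis item above describes learning a user's typical access pattern and flagging deviations from it. The following is an added example, not part of the original article: it builds a per-user baseline from sign-in events and scores new sign-ins against it. A plain statistical baseline stands in for the machine-learning models a UBA product would use; the event fields, weights and threshold are assumptions, and the log entries are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in events: (user, ISO timestamp, country, device ID).
BASELINE_EVENTS = [
    ("alice", "2022-06-01T08:55:00", "DE", "laptop-a1"),
    ("alice", "2022-06-02T09:10:00", "DE", "laptop-a1"),
    ("alice", "2022-06-03T17:40:00", "DE", "phone-a2"),
    ("bob",   "2022-06-01T22:15:00", "US", "laptop-b1"),
    ("bob",   "2022-06-02T23:30:00", "US", "laptop-b1"),
]
NEW_EVENTS = [
    ("alice", "2022-06-07T09:20:00", "DE", "laptop-a1"),   # matches her pattern
    ("alice", "2022-06-07T03:12:00", "BR", "desktop-x9"),  # new country, device, hour
    ("bob",   "2022-06-07T22:50:00", "US", "tablet-b2"),   # new device only
]

def build_profiles(events):
    """Learn each user's typical countries, devices and sign-in hours."""
    profiles = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": set()})
    for user, ts, country, device in events:
        p = profiles[user]
        p["countries"].add(country)
        p["devices"].add(device)
        p["hours"].add(datetime.fromisoformat(ts).hour)
    return profiles

def score_event(profiles, event, hour_tolerance=2):
    """Return (score, reasons); each deviation from the baseline adds weight."""
    user, ts, country, device = event
    p = profiles.get(user)
    if p is None:
        return 3, ["no baseline for user"]  # accounts without history go to review
    hour = datetime.fromisoformat(ts).hour
    score, reasons = 0, []
    if country not in p["countries"]:
        score, reasons = score + 2, reasons + ["new country"]
    if device not in p["devices"]:
        score, reasons = score + 1, reasons + ["new device"]
    # Circular distance, so 23:00 and 01:00 count as two hours apart.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in p["hours"])
    if gap > hour_tolerance:
        score, reasons = score + 1, reasons + ["unusual hour"]
    return score, reasons

def flag_suspicious(profiles, events, threshold=2):
    """Return (event, reasons) for every event scoring at or above the threshold."""
    scored = [(e, *score_event(profiles, e)) for e in events]
    return [(e, reasons) for e, score, reasons in scored if score >= threshold]
```

A single new device stays below the threshold, while a new country combined with other deviations is flagged for review; tuning those weights is where false-positive volume is controlled.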