A new study has found that 43.13% of workers will stay remote after the pandemic ends and two out of three IT professionals are concerned with teleworking endpoint misuse.
The report examines the remote work challenges generated by the pandemic year and the number of people working from home far from corporate environments, on insecure networks, in many cases sharing with other unsafe devices in their homes.
<p>The pandemic accelerated a number of well-documented trends in IT and employee working practices that have been in place for the last decade or so. Smartphones in particular have been a catalyst in fuelling this fundamental shift in our daily lives. There is no shortage of choice when it comes to what mobile device an individual decides to use, which has led to an unmanageable degree of fragmentation. </p> <p> </p> <p>Our phones and tablets have released us from our desks by enabling us to work from anywhere with the features and power of a traditional PC. With over 75% of businesses reducing or pulling out of office spaces, many firms cannot house all their employees, which effectively mandates working from home. The gig economy was already driving the need for multiple identities or profiles on our devices. </p> <p> </p> <p>Organisations that allow employees to use personal devices in a BYOD strategy lack visibility and control over devices accessing corporate data and services. This presents a serious security issue. Mobile device solutions alone have been unsuccessful in meeting the needs of the hybrid workforce. That lack of visibility into the risk presented by personal devices has been present for some time and is where significant gaps in security exist. Mobile device management solutions provide health checks that aren\’t as thorough as user authentication. Organisations are taking a significant risk by relying on user vigilance. In the case of a security incident, that won’t sit well with investigators. </p> <p> </p> <p>There are four main areas organisations should assess :</p> <ul> <li>Devices – just like PCs, our phones and tablets are exposed to attacks targeting the device operating system. When Apple and Google are concerned enough to release a patch for their operating systems, everyone should immediately update their device. However, half of the population is unlikely to have upgraded two weeks after notifications of a new update, creating a rich pool of vulnerable devices for threat actors to exploit. </li> <li>Apps – Any mobile app installed on a device with access to corporate resources needs to be validated. This prevents non-official, sideloaded apps, from being present whilst accessing corporate data. Sideloaded apps present a material risk to the data on the device as they are unvetted and may contain one or more threats that might expose data to the attacker, or worse still allow remote control of features and functions.</li> <li>Network – mobile device management solutions do not check the initial connection we make with networks and hotspots everywhere. This leaves organisations with zero visibility into incidents where a user has connected to an unsecured or rogue network.</li> <li>Phishing and Content – organisations need to protect themselves and their employees from risky or malicious connections made by devices that can connect to the enterprise. Attackers leverage email, web, SMS and mobile apps to socially engineer individuals into giving up login credentials or installing malware. Security teams need to provide this protection without compromising their users’ personal privacy.</li> </ul> <p> </p> <p>Moving forward, we can expect an evolution in Zero Trust Network Access (ZTNA) technology that provides a forward proxy for any unmanaged devices accessing cloud-first applications and data.</p>