A new study from Tessian, The State of DLP (data loss prevention) 2020 (links are below) finds that “over half of WFH employees they can get away with riskier behavior when working outside the office” and that “security training doesn’t seem to be curbing the problem of data loss.” Cybersecurity experts offer perspective.
There are often dozens of unmanaged devices connecting to our home networks: personal laptops, cellphones, gaming consoles, and home IoT. Any of these devices represents an entry point for attackers; once they’ve compromised an edge device, chances are high this compromise will spread laterally throughout the home network. And once an attacker or malware gets into a device, they often go undetected, seizing or manipulating data with the ultimate goal of moving from the single remote laptop or tablet into the big prize: the company network and servers. Some basic steps businesses can take to protect themselves against cyber threats include enforcing strong policies that:
– Employees never respond to any email asking for personal information,
– Keep software applications and operating systems up to date,
– Create strong passwords and enable two-factor authentication across all devices and accounts,
– For added layers of protection, adopt endpoint micro-segmentation to protect devices from insecure public and home Wi-Fi networks.
This COVID-19 situation will drive changes in remote working policies not just to be better prepared for the future, but also because it’s likely that many users will find that working from home is something they want to do more regularly, once it becomes optional again. Many organizations already have flexible and detailed policies in place, but it would still be highly recommended to dust them off and make sure everything is up to date. For those that are being challenged today, this will be an opportunity to create a modern policy that supports users and their work. It will need to include technical requirements, such as home-working equipment, methods of access, VPN and multi-factor locational requirements.
Security awareness is important for home workers. It’s easy to be briefly distracted at home by a website you might not normally access in the office, perhaps to show your children something. However, home workers need to be (made) aware of the types of scams that will be targeted at them and how spending more time at home can make them a more likely target.
Enterprises should make sure cyber security remains a top priority and not let their guard down. It doesn’t take much for a threat actor to infiltrate a network once a vulnerability is exposed. Sometimes, it means reaching beyond the corporate perimeter to top employees’ homes to help them have the correct setup. A Wi-Fi access point with cloud management capability goes a long way towards securing the access your C-suite needs to have from home, for example.
This is why WFH is keeping IT leaders up at night. Employees are going to find workarounds to remain productive, they are not going to ask IT for permission or advice as frequently, and they will introduce unknown risks to the company. Most people think of “insider threats” as employees with bad intentions but the more prevalent threat is derived from not adhering to IT policy.