The massive shift to remote work cybersecurity that started during the pandemic is here to stay. With more people working from home, companies must address potential security risks before a threat arises. But this necessitates a change in mindset from both businesses and their employees. Employers need to adopt a zero-trust approach to cybersecurity, while people working from home should educate themselves on the risks of data breaches.
The Rise of Cybercrime
2020 was a great year for hackers. In that year alone, the FBI reported $4.2 billion in total personal and business losses due to hacking. That’s $700 million more stolen than in 2019.
The main reason for the uptick was the sheer number of people working from home for the first time, often on computers with shaky or absent security measures. Additionally, hackers exploited people’s fear of the coronavirus, sending phishing scams relating to protective equipment, purported cures and conspiracy theories to remote workers on company laptops. This opened many businesses up to cyberattacks.
Remote vs. In-Office Cybersecurity
Remote workspaces are usually less secure than traditional offices. Some major distinctions between the two include:
- Public vs. private network usage: People working remotely often set up in a coffee shop or other space that uses a public Wi-Fi network, increasing their vulnerability to cyberattacks. In contrast, offices usually have their own secure network.
- On-staff IT department: Offices tend to have IT employees who consistently monitor and update company computers. People working from home do not.
- Firewalls and intrusion detection systems: Only some remote workers have these protections set up. Most office operations, however, have them in place.
- Range of attack: A single office building with strong network defenses may be hard to hack, but consider sending those same workers home with individual laptops, computers and tablets. Suddenly, the odds of being hacked increase exponentially. The more devices available, the greater the chance one of them is unsecured.
These are just a few cybersecurity concerns employers have about remote work. Many companies also worry about employees clicking on unsecured sites or email attachments from their work laptops, exposing the company network to potential data breaches.
Improving Remote Work Cybersecurity
The old approach to cybersecurity was to use the perimeter security model, the notion that a network has a barrier around it and companies should build those walls as high as possible. But this isn’t the ideal strategy for remote workers because it’s hard to define their security perimeter.
Instead, IT professionals need to change their mindset and adopt a zero-trust model for their security networks. The zero-trust approach has a few simple rules:
- Use least privilege: Programs and users should only have the minimum access they need to do their job.
- Assume breach: Applications, identities and networks are treated as though they’re unsecured and already compromised. It assumes that cyberattacks will — rather than might — happen.
- Never trust: Any time a user or device tries to make a new connection, the computer must verify who they are. It doesn’t trust the interaction just because it’s coming from inside the corporate network.
Though it has a negative-sounding name, the zero-trust model doesn’t mean employers don’t trust their workers. Instead, it refers to a cybersecurity model based on strict verification and limited access. Adopting a zero-trust approach is the critical mindset shift companies need to make to enable remote work.
People working at home also need to change their point of view. Instead of assuming their home network is secure, remote employees must take steps to bolster their cybersecurity defenses. Employers should educate workers about safe work-from-home practices.
A Shift in Mindset
Remote work isn’t going anywhere. Businesses and their staff must take steps to safeguard their computers against cyberattacks or risk security breaches from multiple sources. By adopting a zero-trust model and implementing strong cybersecurity practices, companies can protect the future of remote work.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.