Prior to the pandemic outbreak, some 5.2 percent of U.S. employees worked remotely on a full-time basis, according to the U.S. Census.
A study conducted by M.I.T shows that half of those who were employed before the pandemic are now working remotely. According to Gallup polling data, the percentage of Americans working at home has ballooned in response to COVID-19. In mid-March, the figure stood at 31 percent, growing to 49 percent only a week later and finally peaking at 62 percent in mid-April. Global organization Morgan Stanley transitioned quickly, as its CEO stated that 90 percent of its 80,000 employees were working from home.
School systems across the country have also closed their doors to on-premise activities, turning to remote learning. According to the Brookings Institute, 47 million students from more than 100,000 schools in the U.S. were sent home at some point to wait out the school year.
Remote Work Strategies Going Permanent
While recent events may have been a motivating factor to scale out remote work strategies, it is obvious that the new approach of allowing employees to work from home is not a fad, but the start of a new paradigm. As the CEO of Barclays recently said, “Putting 7,000 people in a building may be a thing of the past.” He is not alone. Walmart announced that any of its tech workers who had been working remotely as a result of the pandemic can keep on doing so. That equates to over 10,000 workers. According to a survey of 150 HR leaders from the nation’s largest companies, 77 percent expect the shift toward more teleworking to continue for the next twelve months.
Risks from the Move to Remote Work or Learning
Across the country, professionals currently working from home are more vulnerable to cybersecurity threats today because of the simple fact that they are physically separated from the team. They don’t have the luxury of asking a nearby colleague for input about a suspect email or getting help from an IT staff person who happens to be walking past the department. That isolated feeling of being on their own when it comes to cybersecurity is a big challenge faced by remote workers.
This fact has not gone unnoticed by hackers. The Department of Homeland Services and other security organizations have confirmed that hackers are adjusting their tactics to prey on remote workers. New malicious strategies are taking advantage of not only the isolation of workers, but the insecure network environment that many operate from. As employees may feel more comfortable while working within their home environments, they may not be as mindful to practice proper cyber hygiene.
The risks involved go far beyond the mindset of remote workers. As the number of remote work locations increases, the attack surface of the enterprise expands. Some risks include remote employees:
- Working within insecure networks that are far more vulnerable to outside attacks. Examples include unencrypted wireless networks and home routers that still operate in their default state out of the box.
- Learning to use new tools such as collaborative software and VPN clients. Their lack of familiarity with these systems makes them more prone to taking actions that can increase vulnerability.
- Using personal devices that lack enterprise-grade security tools to protect them from malware and other types of attacks.
- Taking shortcuts that circumvent best security practices. Examples include the use of personal email to send work documents or sharing work devices with a family member. A recent study showed that 52 percent of employees that work from home admit to cutting corners in this regard. Another report showed that 48 percent of remote workers cite “not being watched by IT” as a reason for not following safe data practices.
- Being harder for organizations to reach with cybersecurity processes. Enterprises that rely on on-premises systems such as Microsoft Group Policy to enforce security policies are only able to update machines when they are connected by VPN. This limits the ability of cybersecurity teams to deploy new or modified policies and updates. Even changing a password quickly can be challenging.
Recent Data Breaches and Attacks Involving Remote Workspaces
While many people have spent a greater amount of time in their homes recently, hackers have been especially busy. New attack methodologies such as Zoom bombing were introduced, as well as endless scams that took advantage of the confusing and fearful times at hand. Here we list just a few of the documented attacks that have taken place recently:
- High-end gamepad maker SCUF suffered a data breach involving 1.1 million customer records that included payment details. This was due to a system that was being operated offsite as part of the company’s recent remote work strategy. The involved system lacked adequate authentication security.
- A security flaw within a coronavirus contact-tracing app possibly exposed the sensitive personal details of more than a million people according to an investigation by Amnesty International.
- The U.S. House Oversight Committee experienced a Zoom-bombing attack involving a meeting with another party overseas on April 3. A week prior to that, the FBI issued a warning to school systems about online classroom hijacking involving collaborative software.
- Two websites used by the San Francisco Airport for airport employees and construction contractors were compromised by Russian state hackers who inserted malicious code within both sites that was used to steal user logon credentials.
How Do Offices and Schools Protect Privacy in this New World?
Companies and schools are working diligently to implement new security measures to adequately protect remote work and learning practices. Here is a list of some of the recommended practices.
- Denying local admin rights to standard users, enforcing the principle of least privilege on enterprise machines.
- Requiring encrypted VPN connections for all mobile machines that need access to the corporate network.
- Implementing VDI or cloud-based technologies that involve encrypted connections and keep involved data located within a secured corporate environment.
- Developing education training programs on how to use new tools such as Zoom, Teams and other newly introduced software applications.
- Incorporating a Zero Trust model backed by technologies such as multifactor authentication (MFA) and operational policies that disallow financial requests using email.
- Continuing to create and modify corporate security policies for your remote work programs as new technologies are introduced.
Having a Cybersecurity Partner is More Important than Ever
When it comes to cybersecurity, this is not a time to go it alone. Conditions are changing at an ever-accelerating pace today and attack methodologies are increasing exponentially. It is times like these when it is important to have a partner that can help you navigate a course to get through the troubled waters ahead. Your employees don’t have to combat cybersecurity threats alone, and neither do you. While it may seem like a new paradigm is taking place throughout the world today, securing remote work environments isn’t new to Halock Security Labs.
Talk to our team of subject matter experts today and learn how HALOCK can help you create a security strategy customized to meet the needs of your company and satisfy the compliance demands of regulators and possible litigators.
Learn more about our comprehensive Risk Management Program to help prioritize your investments while balancing your security, compliance, and business obligations.