Although remote work was initially introduced with great enthusiasm but since then, many have taken to the ease and comfort of working from home , and businesses have gained as a result, with savings in costs as well as improved employee health and increased productivity for the majority. With more than 80 percent of companies are planning to use this for at least one full day each week (Gartner) It’s obvious that remote working for the long term and greater flexibility overall is a crucial aspect of the modern work method.
Many businesses struggle with security and connectivity risks it brings. A new study from Advisen has revealed a clear connection between remote work and cyber-attacks and financial institutions being the second most targeted for cyber attacks. Because it is among the most strictly controlled industries, and given the nature of sensitive information stored by banks and financial companies, criminals are staking out recent disruptions to working practices as opportunities to profit from this industry.
Users take on their role
One of the most significant security risks posed by remote work is the phishing scams. Since the beginning of the epidemic the number of phishing emails grew by 667% within one month. While working from their home, employees could easily be a victim of unsafe emails, links or files they normally might have been aware towards. Security teams have put up security posters in the workplace and, as the majority of offices are not occupied and the posters are probably getting dusty and messages that have been lost.
Particularly during school closings as many professionals had to manage working and homeschooling the devices of corporate companies often become multi-purpose devices that could be used by all home users. The policies regarding this may differ among organizations, however the nature of the data most employees in the finance and banking industries deal with could have disastrous results. A single unintentional action could expose data online, or grant hackers access to systems that hold such data without the user’s consent.
Perimeter-based applications are no longer the best choice
The shaky and unsecure network at home have created an additional problem for IT departments. A study by Bitsight discovered that more than half of organizations had at least one device connecting to their corporate network through home networks that were plagued by at least one type of malware. The threat of malicious actors is that they could penetrate the home network and then utilize it later to get access to corporate networks as well as the vital assets it houses.
This is particularly worrying as the conventional controls might not be effective. In the beginning of the epidemic, the trusted VPNs that a lot of organizations previously depended on to access networks were not designed to handle the sudden surge in demands. IT teams did not have the amount of licences required to support the whole workforce daily and growing the number of users could be an increase in bandwidth. If the directive from management was “get everyone up and running as fast as you can” IT teams might be required to rethink their disaster recovery plans and abandon certain security measures to keep their the efficiency of their teams.
Remote working has provided the flexibility of some, but as much than 53% employees believe that they must be available all entire day (CIPD 2021). This means that surveillance systems for security that study the user’s behavior to identify suspicious behaviour and spot security breaches are having a hard time keeping up with. The inability to log in at regular times, coming from unidentified locations or with new software can create false positives that cause alert fatigue . This can have an adverse impact on security operations teams which are overwhelmed by 60% by the number of alerts, and more than half (43 percent) struggle to prioritize and react to alerts efficiently (Forrester 2021).
Other security tools that are traditional such as those that track devices and inventory with respect to networks are now able to collect personal data as well as devices that are using the network at home of the employee. This means that IT and security teams facing the challenge of balancing the ethical requirements between security for the company and personal privacy. Modern technology allows greater control over who is able to determine what, when, and who scans occur using an agent-based method. This means that security teams will only scan and are aware of the computer with agents installed.
Re-align with today’s threats
After the initial panic has subsided and we are now able at different levels of remote working in the long term, it’s the perfect time to review our security measures, specifically the hygiene practices which were abandoned onto the weyside following the tumultuous events of previous year. The traditional approach was security using perimeters, and focusing on premises, but cloud-based services provide more support to IT and Security teams to secure both on-premise and remote devices. The new tools are able to connect directly to cloud through the internet instead of large amounts of traffic that try to stream through VPN gateways that cause delays in the process of implementing crucial security patches and software upgrades.
This solution is far greater than technology on its own however and the people who are behind the screens mustn’t be overlooked. It is more crucial more than it ever was. There has been a lot of change since the initial attack of Covid-19 therefore re-education to tackle the ever-changing threat landscape is crucial. Instead of a long webinar or a lengthy written guideline The most effective training incorporates humor and examples that are relevant to daily situations to help employees are aware of and adhere to the the best practices no matter where they’re working from.
