As many businesses made the quick transition to remote or hybrid work environments this year, many wondered if this transition would be a phase or a long-term workplace adjustment. According to a recent study conducted by Gartner, it looks like the latter may be true going into 2021. According to the study, 82% of business leaders say their organizations plan to let employees continue to work from home at least some of the time, while 47% plan to allow employees to do so permanently.
Given the health and safety concerns brought to the forefront of everyone’s minds this year, the prospect of a long-term remote or hybrid work environment has been met with overall positivity. However, from an IT perspective, this new era of remote work has brought with it a host of data security challenges as well.
The security and reliability comforts found in an office setting are not a luxury experienced by IT professionals who are supporting a remote workforce. Personal WiFi routers and networks are typically less secure than what is found in most business environments, which increases the risk that company or customer data will be compromised. One option to increase data security in these situations is to route traffic through a company VPN. However, common VPNs are rarely robust enough to handle the onslaught of remote worker access that is now required, leading to reduced performance and increased vulnerabilities.
Home WiFi networks, weak passwords, and ill-informed employees provide an all-too-tempting scenario for cybercriminals. Penetration testing is an effective preventive measure to reveal exploitable vulnerabilities so you can address those issues proactively.As an alternative to VPN, IT leaders should consider remote access. This alternative would allow your business to increase stability and productivity across your workforce while maintaining flexibility and control. Some options may include remote desktop connections, software-defined perimeters, role-based permissions, and more.
When times get tough, budgets get tighter. It’s a fact of business. For IT teams, these constraints often lead to a realignment in priorities and reallocation of funds. For many businesses, this means focusing on core, fundamental systems to ensure greater security and stability, often at the expense of upgrades or enhancements. In fact, according to McKinsey, “the cost of securing the fundamentals could reduce budgets for more advanced threat-intelligence upgrades, behavioral analytics, and other tooling.”
To mitigate this risk, aim to establish or update your remote work policy to include protocols for data access, including permission levels and two-factor authentication requirements. This year alone, the use of two-factor authentication increased 18%, likely due to the increased pressures and challenges presented by the remote workforce. To further reduce data access security risks, create a permission hierarchy for the various applications in your company. Communicate those permission levels to appropriate stakeholders within the organization. And be sure to provide a method for escalating permission requests so employees and their supervisors feel empowered to adjust levels of access based on responsibility, whether that’s adding or removing permissions.
A sea of remote workers has caused a feeding frenzy for cybercriminals. In fact, a recent report shows a spike in the frequency of phishing attacks, with 80% of employees reporting phishing emails this year, compared to 73% in 2019. Cybercriminals are constantly evolving and gaining sophistication in their attempts, making it more and more difficult for individuals to spot a deceptive email. Unfortunately, this also equates to more malicious links clicked and a host of data security challenges that follow. Also, be wary of voice phishing attempts as well. According to a report released at the end of 2019, 90 voice fraud attacks occur every minute.
To protect your company from phishing attacks and the costly repercussions that follow, be sure to install a phishing filter on your email platform and all web browsers installed on company-provided computers. Although this filter will not stop all phishing attempts, it will significantly reduce the number that are able to get through. Third-party blocking applications also can help your business control some of the voice phishing attempts.
On top of those barriers, your team should invest in staff training and penetration testing to ensure everyone on your team is vigilant and prepared to identify and neutralize phishing attacks, in whatever form that comes.
Remote and hybrid working environments are likely here to stay for the long haul. As you look toward 2021 and beyond, it’s important to assess and address the new or expanded risk points your business now faces. With proper planning, staff training, and continual monitoring, your team will be in a great position to meet whatever challenges lie ahead.