Remote Workers Still More Vulnerable Than They Should Be
Since it seems that fully remote work and hybrid work are not going away anytime soon, we need to make sure that remote workers are secure.
It is not going away because the best employees will find another job rather than be forced to come into the office.
Forester Research says 68% of remote workers say they want to work remotely MORE often.
During the pandemic companies scrambled to have employees be able to work at all. As a result, many really bad security practices were sanctioned. Many of those are still in place.
Given that a huge amount of corporate data and corporate people are now and forever outside the corporate moat (i.e. in the cloud and outside the office), security is much harder.
This is especially an issue if companies allow personal devices – which may not be patched or have security software.
“The challenges are exponential and the attack surface has exploded,” says Bharat Mistry, technical director at Trend Micro, a cybersecurity company.
New risks include family members using employees’ computers, missing patches and AI making much more realistic phishing emails.
Personal hardware is a big problem since most companies don’t have any process for securing those devices – whether they are computers, phones or tablets. Also, consider the networks those personal devices run on. There are no IT folks patching those networks. Many of them don’t even have a firewall or other security hardware.
Then you have Internet of Things devices, likely on the same network as your employee’s computer. That includes Smart door locks, refrigerators, washing machines and other devices. Again, when was the last time you patched your washing machine?
Employees might be able to operate more securely, but that requires new and different cybersecurity training. We really need to upgrade employee work from home security training.
Passwords on personal devices are another issue. Password, Password1 and 12345678 are still often among the top 10 passwords found in password dumps after breaches.
Adding multi-factor authentication when accessing corporate resources is also important. Some companies are using MFA to protect some resources, but all companies are not using it to protect all resources.
If you need assistance in enhancing your employees’ home work rules, please contact us.
Credit: ZDNet