Work From Home Cyber Security

work from home cyber security

Work From Home Cyber Security refers to the set of practices, technologies, and measures that individuals and organizations implement to secure their remote work environments from cyber threats. Working from home (WFH) introduces challenges for cybersecurity, as employees access company systems and data from various locations and devices.

Working from home has become a global practice, presenting numerous advantages for both workers and employers. In the era of increased globalization, employees frequently encounter security risks and threats when working remotely from diverse locations during travel. While working from home offers convenience, it also brings about security risks. Whether employees utilize their personal devices (BYOD) or company-issued devices, the security risks associated with remote work increase when non-company peripherals are connected to the network (the tale of 3 buckets).

Work From Home Cyber Security Challenges

The Covid-19 pandemic played a significant role in accelerating the transition to remote work on a global scale. For many, a new experience, which caused a significant risk to remote work security. Numerous IT departments had days, rather than weeks, to take action to secure the organization, resulting in ad hoc policies. Furthermore, according to a report by Morphisec, almost half of office workers were new to WFH when the shift happened. This lack of experience with work from home, both on the employer and employee’s side, made it difficult to maintain cyber security measures outside of the organization’s traditional perimeters (Protecting Remote Connections).

Attackers, as opportunistic as ever, took advantage of the situation. Not only were enterprises struggling with implementing the relevant remote work from home cyber security measures, but there was now a larger attack surface to exploit as the number of devices to exploit increased (BYOD Security Risks). In just two months, Morphisec saw attacks rise by more than 100,000 per week. In February 2020, just a month before nationwide lockdowns began, the security company saw around 60,000 attacks per week. By April 2020, weekly attacks skyrocketed to more than 170,000 per week across five million endpoints.

Work From Home is Here to Stay

It seems that Work From Home is here to stay as enterprises begin to adopt a hybrid model. According to Gartner, 47% of organizations will give employees the choice to Work From Home on a full-time basis. Over than 80% will allow employees to Work From Home at least one day a week. This will likely come as good news to the many employees who enjoy remote work, with 65% stating a desire to WFH more than three days a week, according to a survey by Evolve IP. The same survey shows that 75% of employees deem themselves more effective when working remotely, averaging a 31% increase in productivity.

Remote Work Security

With more than a year to adjust to the new changes, organizations have improved their security approach to remote work with the adoption of and enhancements to, WFH policies. Employees are also getting more familiarized with the teleworking environment and how to minimize the remote working security risks.

Remote Work Security

Remote Work Security Vulnerabilities

However (yes, there is always a “but”), there are always security vulnerabilities. Evolve IP’s research found that 60% of employees believe that there could be improvements to security, with half of IT professionals agreeing (One Year of Working From Home). Primarily, policies and guidelines are ineffective if not enforced; 25% of employees with strict WFH guidelines do not even follow them. Of course, many enterprises have now backed their policies up with network and endpoint security solutions, if they had not already. However, due to the rapid shift to remote work, many employees use their personal devices for work purposes. Furthermore, a recent report suggests that around four in ten will remain permanent.

Personal Devices

This is a significant risk for enterprises as personal devices often go unmanaged and lack the necessary remote work security measures. 56% of employees use their personal computers as their work device. And a further 46% use their personal mobile phones. 60% of organizations do not have acceptable use policies for such devices. So, in many cases, there is not even an obstacle in the attacker’s way. In fact, 23% of employees are unsure of the security protocols implemented on their devices. That is like saying you are not sure if your door has a lock on it. I don’t know about you, but I would not be able to sleep at night knowing that my front door could potentially be opened by a burglar.

A lack of security measures is especially worrying since employees pose the most significant cybersecurity risk to organizations. And it is security solutions that mitigate such risks. Yet, even with security measures in place, such as NAC, VPNs, and IDS, malicious actors have successfully bypassed them through hardware-based attacks; and remote work makes this type of attack easier to carry out. Hardware attacks require physical access to an endpoint or network. And the various locations in which remote devices are used provide a more dispersed, less physically secure attack surface for attackers to exploit (Protecting Remote Connections).

Hardware Security as the First Line of Defense for Work From Home Cyber Security

The main challenges regarding remote work are a lack of control over device usage, and the ineffectiveness of security solutions. As such, enterprises need to focus their attention on hardware security as the first line of defense. Sepio’s platform (HAC-1) provides visibility of all hardware assets operating across the corporate infrastructure on both the USB and network interface. HAC-1 analyzes the Physical Layer to detect and identify all devices, and their true identity. This capability allows the organization to effectively enforce hardware access control policies based on roles and device characteristics.

When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that blocks the device. As a result, enterprises can minimize the risks associated with remote work at the first opportunity. And no longer need to rely on employees and ineffective security solutions to provide protection. As telework looks like the new norm, security departments need to ensure that the most efficient tools are deployed. Without them, the enterprise will become a victim to a hardware attack sooner rather than later.

April 18th, 2021