We live in a time where the idea of employees staying connected and being productive anywhere in the world is no longer a benefit, but a necessity. Historically, organizations offered remote work options as both a way to attract and retain top talent, and as a competitive differentiator enabling agility. Some organizations have built entire business plans around ‘gig' and contract workers, enhancing existing business operations with third-party and non-traditional workers in a variety of shifts, roles and locations. This flexibility not only ensures business resiliency and workforce continuity, but also allows organizations to better prepare for unforeseen events that can keep employees from getting to offices and facilities. However, with remote work options, it’s critical organizations have the right level of threat visibility and response in place to support workers and stay ahead threats to minimize their impact on the business.
As organizations adjusted to the new normal of working from home, threat actors worked quickly to identify new security vulnerabilities. Remote work environments are particularly susceptible to attacks like spear phishing and malware, as well as human error and insecure Wi-Fi. Dynamic workforce access introduces significant security implications that require the right safeguards to be in place.
Here are five key considerations and potential security pitfalls of a remote workforce:
#1: Level of Security Awareness
Not all employees have the same level of security awareness, meaning not every employee is a security expert. Their behavior as they connect to corporate assets can introduce cyber risk, often without their knowledge. Even with internal training, new threats may find ways to confuse and encourage users to open pathways to the organization, which we have seen with targeted phishing attempts, unencrypted communication of sensitive information and more. This is now exacerbated by more employees working from home and remote locations.
#2 Shared Device
It’s safe to assume that employees might possibly share work devices and computers with family members when working from home. Family members are unlikely to follow and practice good security hygiene implemented by your organization. For example, connecting an unknown USB drive or cable to your company-issued device can result in direct hacking and or malware.
#3 The Home Network
Connecting from a home network introduces risk as there is no standard configuration for access technologies like Wi-Fi. Additionally, employee devices are sharing the same access point with other connected personal devices and IoT devices such as webcams, smart home devices and home printers. These devices do not typically have the latest security patches installed, creating additional risk and a potential point of entry into your environment.
#4 Reach of Corporate Security Controls
Proxy servers, mail filters, IPS/IDS and other corporate solutions may not play as significant of a role in stopping threats when employees connect from outside corporate facilities. If your employee’s work device is a BYOD, it may not have the same security protections as a company-issued laptop, tablet or phone. With employees accessing systems and applications remotely and at the same time, UEBA tools may have trouble establishing a new baseline for what “normal behavior” is and is not for each user.
#5 Hardened Devices
Ensuring that devices remain patched and updated, and that antivirus and other security tools have the latest signature updates, can be more challenging to enforce with a remote or dynamic workforce. Patching typically happens during off-hours. More employees working with varying “9 - 5" work hours to accommodate for childcare, eldercare, and other things, means security updates can be delayed or paused.
A virtual workforce changes everything. Remote work means several things for security teams — from shifting the way they handle day-to-day access to narrowing in on potential insider threats. The considerations above have the potential to increase cyber risk through new attack vectors that can be abused by malicious actors and act as a path back to the corporate network.
Extending Visablity to the Dynamic Workforce
To combat these new risks, on-going employee education and visibility are your best weapons and need to extend from the internal organization infrastructure to the endpoint. Combining traditional log monitoring with the ability to monitor network packets lets organizations see how threats are traversing the network and recreate entire network sessions for deep analysis. Additionally, organizations should monitor activity across all endpoints, on and off the network, for deep visibility into the state of your organization’s security posture to better understand when there is an issue and determine the potential impact to the organization.
Author: Brian Robertson
Category: RSA Point of View, RSA NetWitness Endpoint, RSA NetWitness Platform, Threat Detection