Remote work is here to stay.
After two years of the transition forced by the pandemic, work habits once adopted out of obligation are now becoming the choice of a large number of employees. A hybrid workplace brings better work-life balance and increased productivity: a FlexJobs survey of more than 2,100 people who worked remotely during the pandemic found that 51 percent report being more productive working from home.
Nevertheless, remote working during the COVID-19 pandemic drove a 238% increase in cyber attacks, according to an Alliance Virtual Offices report. Gartner’s “7 top trends in cybersecurity for 2022” called the expansion of the attack surface that came with remote working a major concern.
Remote work and corporate security policies
To fulfill their obligations as employers, organizations must permit employees to access corporate apps remotely, yet they lack the necessary security measures. Only 17% of firms said they limited remote access to corporate computers, while 71% said they allowed access to corporate assets from personal laptops and mobile devices.
The average cost of a data breach climbed by over $1 million when remote work was a contributing factor, according to IBM’s Cost of a Data Breach report. Additionally, it took remote-working firms 58 days longer than office-based ones to find and stop the intrusion.
The top security controls in place to protect remote work/work from home are anti-virus/anti-malware solutions (77%), firewalls (77%), virtual private networks (66%), and multi-factor authentication (66%), according to the Work-from-home cyber security report by Cybersecurity Insiders.
Still, the biggest security challenge remains user awareness and training.
Work from home (WFH) has driven up the price of data breaches for the average organization by $137,000 since the pandemic began. But a lack of training may be to blame. 56% of remote workers receive cybersecurity training twice a year or more, according to the Alliance Virtual Offices report.
Internet access security statistics
The fact is that hundreds of thousands of home users never update the default router password, and home WiFi networks are rarely protected using the most recent encryption and authentication techniques, which makes them vulnerable to data breaches.
In 2021, Check Point Research discovered over 10,000 new malicious files and 100,000 new malicious websites every single day. Nevertheless, organizations rarely apply internet-browsing security methods to protect remote users.
Best practices for remote working cybersecurity
Implement basic security controls
- Setting priorities and baseline security measures for daily operations; integrating VPN functionality to standardize access to company resources; using multi-factor authentication to increase the security of resources that may be more vulnerable than in an office environment, preventing unauthorized access
Strengthen the corporate data protection program
- Defining the sensitivity of data and the access levels of the parties involved; identifying the regulations applicable within your scope and the best practices directed towards reliability; creating a top-level cyber security policy and supporting documentation, e.g. a Confidential data handling standard, an IT acceptable use and security standard, and an IT backup and recovery policy
Establish a strong vulnerability management program
- Creating processes dedicated to managing risk and potential exposure; mapping the parts of the environment at greater risk; taking a user-facing approach to raise awareness and educate according to best practices; monitoring continually with analytic tools to support prevention
Review existing threat detection and incident response programs
- Maintaining systems and processes dedicated to protecting production environments and standard operations; basing actions on a Security incident response plan; mapping out roles and responsibilities for any incident
Implement and advance a zero-trust framework
- Security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data
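The zero-trust rule above (authenticate, authorize and validate posture both before granting access and for as long as it is kept) can be sketched as a small policy check. This is an added example, not code from the article or from any product; the application names, roles, thresholds and the `Signals`, `evaluate` and `Session` names are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed policy values (assumptions for this example, not from the article).
APP_ROLES = {"payroll": {"finance"}, "wiki": {"finance", "engineering"}}
MAX_MFA_AGE_MINUTES = 480
MAX_PATCH_AGE_DAYS = 30

@dataclass(frozen=True)
class Signals:
    user: str
    roles: frozenset
    mfa_age_minutes: Optional[int]  # None means no MFA in this session
    disk_encrypted: bool
    patch_age_days: int

def evaluate(app, s):
    """Return (allowed, reasons). Network location is deliberately not an input."""
    reasons = []
    if s.mfa_age_minutes is None or s.mfa_age_minutes > MAX_MFA_AGE_MINUTES:
        reasons.append("authentication: MFA missing or stale")
    if not (s.roles & APP_ROLES.get(app, set())):
        reasons.append("authorization: no role grants " + app)
    if not s.disk_encrypted:
        reasons.append("posture: disk not encrypted")
    if s.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("posture: patches older than policy allows")
    return (not reasons, reasons)

class Session:
    """Access is granted by evaluate() and kept only while it keeps passing."""
    def __init__(self, app, signals):
        self.app = app
        self.active, self.reasons = evaluate(app, signals)

    def revalidate(self, signals):
        # Run on every request or on a timer; a revoked session stays revoked.
        if self.active:
            self.active, self.reasons = evaluate(self.app, signals)
        return self.active

if __name__ == "__main__":
    laptop = Signals("alice", frozenset({"finance"}), 10, True, 5)  # constructed
    s = Session("payroll", laptop)
    print(s.active, s.reasons)
    print(s.revalidate(replace(laptop, disk_encrypted=False)), s.reasons)
```

Because the decision never looks at where the request comes from, a home network and the office network are treated identically; only identity, authorization and device posture count.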
Resources:
https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022
https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/