5 security threats in the hybrid workplace and how to address them?
A major consequence of the COVID-19 pandemic is the debate around remote working. According to the office of National Statistics (UK), since April 2020, 46.6% of people in employment did some work at home. Of those who did some work from home, 86.0% did so as a result of the coronavirus (COVID-19) pandemic.
The pandemic also played a key role in forcing businesses to migrate their business applications and infrastructure to the cloud for building digital resilience. While technology adoption has been a boon, data touchpoints are now more spread out than before. This has unintentionally increased possibilities of cyberattacks and misuse of security gaps by hackers.
This shift to work from home poses certain security risks for both employees and the organizations. How do we ensure that the new model of hybrid workplace is secure from cyberattacks?
NEED OF THE HOUR
The security threat landscape is becoming more dynamic– a recent McAfee Labs COVID-19 threat report noted that threats targeting cloud services have increased by 630%.
5 MAJOR THREATS
- During a work from home transition, some companies may face operational risks of not being able to support a large number of simultaneous Virtual Proxy Network (VPN) connections to their infrastructure and services. This can result in inconvenience for employees who require access to resources. This may even cause further strain on IT teams, if they’re not prepared for this. Bumping up the number of simultaneous VPN connections to accommodate all remote employees should be first on the security best practices list.
- Some organizations have a policy for centrally managing and deploying software and security updates to end points. Delivering them all at once to VPN-connected employees could create bandwidth congestion and affect inbound and outbound traffic. Gradual rollout procedures must be devised for deploying those updates.
- There is a risk of improperly implementing access and authentication policies, which will result in employees accessing unauthorized resources.
- There is the possibility of sensitive data ending up in shadow IT– solutions or devices that are not approved by companies and are difficult for IT teams to track and manage, let alone ensure the security firewalls.
- Many remote workers are likely to be accessing company servers or cloud accounts over public networks and the use of domestic IoT devices such as printers, cameras and TVs using default settings, creating further vulnerabilities.
THE WAY FORWARD
- The most dangerous threats are not the ones that have been previously detected, but the ones that are yet to be discovered.
- Businesses should break down barriers, whether institutional or resource-wise, that hinder possible advantages of utilizing the latest in cyber threat protection; these advancements include technologies such as big data and predictive AI.
- Organizations must consider security solutions that provide advanced web security protection across end points and technologies preventing exploitation of network vulnerabilities. Strong anti-phishing and network-attack defense technologies that can accurately detect and block such threats from preying on employees are a must.
- It’s going to be increasingly difficult to keep a check on remotely-working staff behavior. It’s inevitable that employees are enabled to meet the challenges of their new environment and act as the first line of defense.
- Adopting a zero-trust approach assumes the possibilities of attacks from inside and outside the organization. This requires any attempt to access data or internal infrastructure with unsanctioned tools to be treated as a network security risk and be authenticated. By reducing the amount of data; each employee can access and keep information on a need-to-know basis; hence the likelihood of phishing attacks is lowered.
The hybrid workplace offers a great challenge for IT leaders who have to simultaneously manage and mitigate network security risks that occur both in and out of the office. At the same time, they must provide a seamless experience that enables employees to work from anywhere. Businesses need to invest in security solutions that provide greater visibility into employee behaviors and reduce complexity. They must educate employees about threats to prevent security incidents before they happen.