What is IT Security?
IT security is a set of strategies designed to prevent unauthorized access to organizational...
Remote working has exposed employees to a new threat scape, and 88% of businesses have seen an increase in cyberattacks as a result. It’s easy to see why: during March 2020 alone, 45% of companies had one or more devices accessing their corporate network from a malware-infected home network. Considering that homes now have an average of 12 devices and that these devices lack inherent security and basic updating capabilities, the stage is set for disaster.
In order to combat the myriad of threats posed by our new WFH normal, businesses must continuously reiterate their security training, follow IT security best practices. and employees need to remain up to speed. This article will discuss the Top 3 cyber threats the WFH or hybrid business models are facing followed with practical solutions to combat them.
On top of “ordinary” cybersecurity issues, companies are dealing with an explosion of phishing scams. The latest FBI IC3 Internet Crime Report shows Business email compromise (BEC) schemes tallied the highest reported losses in 2020 (19,369 complaints) with an adjusted loss of roughly $1.8 billion. The average BEC wire-transfer loss per business in 2Q of 2020 was $80,183 and phishing scams accounting for losses of more than $54 million.
The 2021 State of the Phish Reports:
According to the FBI, phishing was the most common type of cybercrime in 2020—and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019, to 241,324 incidents in 2020.
KnowBe4 reported that nearly 38% of users who don’t undergo phishing scam awareness training fail to identify phishing scams during tests. In addition to implementing robust WFH security measures, businesses should view their employees as another line of defense and train them accordingly.
Using a work device for personal use is ever-more present and can allow for malware infections on the work PC. Before the user notices performance issues and runs antivirus, a program might execute to send sensitive files to the cloud somewhere. And so, if the work device becomes exposed or compromised through one of these scenarios, and the VPN can now double as an attack vector on the corporate network. With the VPN now working as an attack vector for ransomware, endpoint solutions like antivirus aren’t enough to block such threats.
In addition to a VPN, businesses often employ endpoint security, and while it may work on PCs and mobile devices, you can’t download antivirus software on smart home devices—like a Google Nest Camera, Peloton bike, or an Alexa smart speaker. And since corporate devices sit on the same network as these devices, a compromised IoT device or home network can then turn that VPN into an attack conduit instead of a protector.
Protecting remote employees’ home networks from being compromised should be a top priority for any company's IT team. These networks are largely unregulated and pose one of the biggest threats to the corporate network with unsecure IoT devices and potentially infected laptops, phones, and even gaming consoles connected to them.
A Zero Trust model, "requires authorization for any person or device attempting to connect to a network or access network resources, even for users already within the network perimeter". Zero Trust is one of the most effective ways for organizations to control access to their networks, applications, and data. It combines a wide range of preventative techniques including identity verification and behavioral analysis, micro-segmentation, endpoint security and least privilege controls to deter would-be attackers and limit their access in the event of a breach.
It is not enough to establish firewall rules and block by packet analysis – a compromised account that passes authentication protocols at a network perimeter device should still be evaluated for each subsequent session or endpoint it attempts to access. Having the technology to recognize normal versus anomalous behavior allows organizations to step up authentication controls and policies rather than assume connection via VPN or SWG means the connection is fully safe and trusted.
Personal computers, phones, and even gaming consoles connected to a work network can all easily become infected with malware or spyware, even with endpoint security measures in place. If an employee connects to a business’ network with an infected laptop, the malware could spread and compromise an entire corporate network.
Even the best corporate security strategies will fall short for remote working if they don’t take the home environment into account.
It is just as important to secure threat-prone consumer IoT devices like Amazon Alexa, Ring Doorbells, etc.
When it comes to protecting against IoT and router vulnerabilities in remote environments, VPN and Endpoint protection aren’t enough. A network-level security approach is needed to fill these gaps.
There is now a complement to existing traditional enterprise security technologies. It provides businesses with remote-networking WiFi management and a secure cloud platform to facilitate the co-management of employees’ home networks. The solution delivers remote network visibility and security tools for both the employer and employee, plus it gives remote workers the ability to segment their work and home networks for enhanced security.
If an IT team can view the health of employee networks in real-time, they can proactively address threats and mitigate potential risks before they turn into real problems.
If your business would like more information on these solutions, please contact us!
*Michelle Hinds is the founder of Accurate Cloud Solutions. ACCURATE CLOUD SOLUTIONS, LLC has relationships with over 300 global providers. As a collaborative team, Accurate Cloud Solutions works hard to provide the solutions that are exactly what your business needs today and for the future.
IT security is a set of strategies designed to prevent unauthorized access to organizational...
The internet can be the wild west, with the threats of malware, ransomware, worms, and phishing...