You are currently viewing Five big remote work security challenges and how to address them

Five big remote work security challenges and how to address them

The rapid transition to remote working since March 2020 has created a new normal for organizations, which must now decide when to return to the physical office, if so, and in what capacity. According to PWC, research shows that when faced with the option of working fully remote, fully on-site, or hybrid, employees overwhelmingly choose a hybrid model, suggesting that all organizations will need to adapt to a range. remote and office preferences that may change based on pandemic conditions and a variety of other factors.

This flexibility, once a luxury, is now a necessity. Workers need secure access to data from anywhere using cloud applications, and their productivity depends on both their ability to stay secure and the quality of their experience, including speed and reliability of their network connections. Is modern infrastructure ready for permanent remote working? Here are five remote working challenges that need to be tackled first.

  1. The great resignation

Described as the so-called ‘the big resignation’, the supposedly massive movement of employees rethinking their jobs, employers and work-life balance in light of the pandemic is not just a fascinating psychological study, it is is also a security risk. In the last 30 days of employment, employees who quit their jobs upload 3 times more data to personal apps. Specifically, Google Drive and Microsoft OneDrive instances are the most popular targets. As this trend continues, there are significant potential security risks to watch out for as users take advantage of personal cloud apps to take data with them when they go.

Therefore, an organization’s security architecture must provide context for applications, cloud services, and web user activity, and enforce zero trust controls to protect data regardless of location and mode. access. By having more secure internal security controls, organizations can prevent data loss before it begins, especially as organizations continue to stay remote or implement a hybrid model.

2. Use home Wi-Fi networks without compromising security

Perhaps the greatest appeal of the work-from-home model is the convenience of working anywhere – as of June 2021, at least 70% of employees had continued to work remotely. Unfortunately, it is well known that using public wifi on corporate devices leaves gaps in cybersecurity protection. Before the switch to remote, secure office Wi-Fi provided peace of mind for employers. Now, employees use their own home and public Wi-Fi networks to stay productive, without the protections that may come with an employer’s network. By adopting a Zero Trust security model, reinforced by continuous and consistent internal security training, organizations can take proactive action to protect their business against such threats.

The ideal state is one of continuous adaptive trust, where organizations use context to gain a continuous, real-time view of data access requests, the risks they create, and how to mitigate those. risks. This includes identifying users, classifying the data viewed and examining the applications used on the network. This will help organizations better understand who is causing the risk, where it came from, why they are taking specific action, and how this can affect company data.

  1. Shadow computing

Organizations with 500 to 2,000 employees now use an average of 805 separate cloud applications per month, 97% of which are shadow IT applications freely adopted by business units and users. This leaves huge gaps that an organization’s IT professionals are unable to monitor, making it easier for malware to infiltrate an organization’s network.

In order to combat these threats, organizations should implement Cloud Data Protection (DLP) for sensitive data against internal and external threats on the web, email, Software as a Service (SaaS). ) and public cloud services. This can be done by implementing granular policy controls for data protection, including control of how data moves to and from applications, between business and personal instances, users, websites, devices and locations. At the same time, DLP must be implemented for sensitive data coming from internal and external threats on web, email, SaaS, shadow IT and public cloud services in order to have an impact on the security posture. of an organization.

  1. Ineffective and irregular risk assessments

Organizations should consider when was the last risk assessment of their cybersecurity systems. Most companies do not conduct or revise their risk assessments often enough. Cyber ​​security is not static; it is constantly evolving just like modern attackers, requiring constant monitoring.

That said, risk assessment is a crucial factor for a company’s security architecture that needs to be integrated into cyber practice. Businesses should consider using advanced analytics to visualize and discover application and data activity risks, threats, data protection breaches, key security measures, and investigation details . Additionally, regularly training employees while encouraging them to report suspicious activity in the cloud will help IT teams stay ahead of the game.

  1. Exposure to workload

Over 35% of all workloads are exposed to the public Internet within AWS, Azure, and GCP, with RDP servers, a popular infiltration vector for attackers, exposed in 8.3% of workloads of work. As an organization adopts cloud services, it is increasingly important to evolve access to key business applications, wherever they are. Moving beyond legacy virtual private networks (VPNs) for dial-up network access, to a modern, application-specific model is critical as an organization uses applications in data centers and public clouds.

This means using Zero Trust Network Access (ZTNA) for private applications in data centers and public cloud services. ZTNA offers an additional level of security that cannot be achieved by a VPN alone, as it has the ability to authenticate any device in the company, regardless of its location, which can significantly reduce exposure. applications and limit unwanted lateral movements of the network.

The future of work will remain uncertain. All organizations need to use security tools that can protect data wherever it moves and work remains hybrid, remote or in the office. Meeting these five remote work challenges is a set of concrete steps to take now.

About the Author: Ray Canzanese is the Director of Threat Research at Netskope.

Leave a Reply