Work from home practices introduce significant cyber risk to any organization. Worryingly, Bitsight research discovered that remote office networks are 7.5 times more likely to have at least five distinct malware families on them than a corporate network.
As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.
This brings challenges to security practitioners who have little control over what happens on networks based in private residences.
To create the most secure environment, here are three ways to build better cybersecurity for a remote workforce strategies for the year ahead.
1. Reduce over-dependence on traditional network controls.
The network perimeter is one of the most closely managed and watched elements of any comprehensive security program. But as the perimeter has expanded to the home office, the attack surface has grown substantially.
To protect your organization, reduce your over-dependency on local trusted networks and physical-based network controls. Instead, invest in technologies and operations that better harden workstations, services, and sensitive data while still enabling a successful remote workforce.
Adopting a zero-trust security model, where each user is verified before they connect to the corporate network, is particularly effective. Zero-trust combines several security practices including network segmentation, authentication, and least-privilege access (meaning users can only access data, networks, and applications for which they have a business need).
2. Improve your patching cadence
Unpatched systems are one of the leading causes of risk exposure – yet organizations continue to lag in patch management. Studies show that some of the most common vulnerabilities and exposures (CVEs) used in ransomware attacks have been known for almost a decade, impacting everyday applications such as Adobe Acrobat, Java, and Windows.
Patches are available, but they have to be applied to be effective, less organizations remain vulnerable. Indeed, new vulnerabilities will continue to be discovered, published, and weaponized throughout the next several months and it’s imperative that systems that are vulnerable to attack are updated and patched.
Use Bitsight for Security Performance Management to identify your organization’s digital assets – wherever they’re located – and continuously monitor for vulnerabilities, such as unpatched systems and applications.
3. Mitigate risk through education
Malicious actors will continue to capitalize on the adoption of remote work and users should be educated and reminded continuously of the methods used as attack vectors.
Consider the following:
- Implement strict yearly training for employees and interconnected vendors to bring everyone up to speed on changing threats and how to protect the company.
- Make them aware that these threats and best practices extend beyond the corporate network and into the home.
- To further limit the attack surface exposed to corporate devices, encourage users to also follow best practices offered by manufacturers of their own personal devices.
- Share specific recommendations and best practices directly with employees.
For more information on reducing risk and finding efficiencies so your employees can stay home and stay safe, check out these resources for cybersecurity for a remote workforce.