Work from home practices introduce significant cyber risk to any organization. Worryingly, BitSight research discovered that remote office networks are 7.5 times more likely to have at least five distinct malware families on them than a corporate network.
As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.
This brings challenges to security practitioners who have little control over what happens on networks based in private residences.
To create the most secure environment, here are three ways to build better cybersecurity for a remote workforce strategies for the year ahead.
1. Reduce over-dependence on traditional network controls.
The network perimeter is one of the most closely managed and watched elements of any comprehensive security program. But as the perimeter has expanded to the home office, the attack surface has grown substantially.
To protect your organization, reduce your over-dependency on local trusted networks and physical-based network controls. Instead, invest in technologies and operations that better harden workstations, services, and sensitive data while still enabling a successful remote workforce.
Adopting a zero-trust security model, where each user is verified before they connect to the corporate network, is particularly effective. Zero-trust combines several security practices including network segmentation, authentication, and least-privilege access (meaning users can only access data, networks, and applications for which they have a business need).