Work from home practices introduce significant cyber risk to any organization. Worryingly, BitSight research discovered that remote office networks are 7.5 times more likely to have at least five distinct malware families on them than a corporate network.
As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.
This brings challenges to security practitioners who have little control over what happens on networks based in private residences.
To create the most secure environment, here are three ways to build better cybersecurity for a remote workforce strategies for the year ahead.
The network perimeter is one of the most closely managed and watched elements of any comprehensive security program. But as the perimeter has expanded to the home office, the attack surface has grown substantially.
To protect your organization, reduce your over-dependency on local trusted networks and physical-based network controls. Instead, invest in technologies and operations that better harden workstations, services, and sensitive data while still enabling a successful remote workforce.
Adopting a zero-trust security model, where each user is verified before they connect to the corporate network, is particularly effective. Zero-trust combines several security practices including network segmentation, authentication, and least-privilege access (meaning users can only access data, networks, and applications for which they have a business need).
Ransomware attacks have been rising at an alarming rate — with victims ranging from one of the largest fuel suppliers in the United States to Ireland’s Department of Health. Download our ebook to learn more about:
Unpatched systems are one of the leading causes of risk exposure – yet organizations continue to lag in patch management. Studies show that some of the most common vulnerabilities and exposures (CVEs) used in ransomware attacks have been known for almost a decade, impacting everyday applications such as Adobe Acrobat, Java, and Windows.
Patches are available, but they have to be applied to be effective, less organizations remain vulnerable. Indeed, new vulnerabilities will continue to be discovered, published, and weaponized throughout the next several months and it’s imperative that systems that are vulnerable to attack are updated and patched.
Use BitSight for Security Performance Management to identify your organization’s digital assets – wherever they’re located – and continuously monitor for vulnerabilities, such as unpatched systems and applications.
We examine the common themes in many of the regulatory approaches -- including executive and Board responsibility, measuring security effectiveness, and managing risk in the ecosystem.
Malicious actors will continue to capitalize on the adoption of remote work and users should be educated and reminded continuously of the methods used as attack vectors.
Consider the following:
For more information on reducing risk and finding efficiencies so your employees can stay home and stay safe, check out these resources for cybersecurity for a remote workforce.