Secure Remote Work: New Threats Require a Shift in Policy and Training

Working from home introduces significant cyber risk to any organization, and recent events reveal that it’s not a case of “if” but “when” bad actors will exploit the rampant vulnerabilities on home networks.

As Bitsight reported last week, a group of Russian hackers called “Evil Corp” has targeted large U.S. corporations with sophisticated malware injected into remote computers connected to the corporate network.

Yet despite increased attacks, a study by IBM and Morning Consult reveals significant shortcomings in the technology and training provided to remote employees to keep them safe. Employees themselves are adjusting to new work environments and procedures, and many are overlooking how this change might impact their overarching organization. A new survey by Unisys found that 70% of Americans are not concerned about the cybersecurity implications of working from home.

This should ring alarm bells for security leaders who must find ways to better mitigate risks of remote work environments and improve security guidance for employees. Here’s what we recommend:

Identify and secure the riskiest remote connections

As the Evil Corp attack shows, remote office networks are increasingly susceptible to malware. In March 2020, we looked at a sample of 41,000 U.S.-based organizations and found that certain environments are 7.5x more likely to have at least five distinct families of malware on them. There is also up to a 20x higher population of malware on remote office networks than on corporate networks.

Because these networks are based in private residences, security teams have little control over what happens on them. Gaining visibility into the risks posed by work from home networks can help organizations understand specifically where those risks are concentrated and what measures they should take to better secure the expanding network.

With Bitsight Work From Home-Remote Office, part of our Security Performance Management portfolio, organizations can discover security issues that reside on remote office IPs. These insights can help inform existing incident responses and adjust plans to mitigate new threats.

With the Working From Home solution, security teams can investigate potentially risky residential IP addresses – such as those infected with malware and botnets – then devise remediation strategies tailored to the established risk points. They can also adopt a more sophisticated approach by pulling residential IP risk data and using it to create an IP risk score. For the riskiest IPs that fall below a certain threshold, organizations can implement tighter firewall and VPN rules. They can also curtail risky employee behavior by restricting access where necessary.

Update security policies and employee guidance

As the IBM and Morning Consult study finds, more than half of employees have yet to be given any new security policies on working securely from home or protecting the security of corporate devices, even as a large majority of workplaces have gone remote.

This is especially problematic given user behavior and the dynamics of home networks. In 75% of instances, corporate laptops are used by family members or trusted friends. In other instances, these laptops may share the same network as dozens of vulnerable home IoT devices such as gaming consoles, smart TVs, refrigerators, alarm systems, and more. Whether out of convenience or a lack of awareness of corporate cybersecurity policy, this behavior introduces unnecessary risk and could violate corporate security protocols.

To create the most secure environment, organizations must not only update their security policies to address new threats lurking in home office environments but also train users to adopt secure behaviors. Users should be encouraged to embrace easy-to-implement security measures, such as always using their company’s VPN connection, applying patches, and not lending laptops to other family members.

Mitigate risk through visibility and education

The true scope and future activity of Evil Corp remain to be seen. One thing we can be sure of: the shift to a remote workforce has created unprecedented security challenges for organizations. In this new work environment, security leaders must find ways to discover previously undiscoverable security issues, adapt security controls based on risk, and provide greater education to users about how to easily protect themselves from cyber threats while working from home.