The good old days when IT teams could quickly circle their company’s network to secure it from threats are no longer here. Today, there’s a lot to contend with.
Many unsteadiness and fluctuations from network endpoints and 24-hour access create loopholes in network security.
A data report by Microsoft reveals that 81% of enterprise organizations have started diving toward a fixed hybrid workplace system. But as this development continues to become a bold reality in the private and public sectors, the attack surface of cyber threats continues to expand, with threat actors exploiting the situation.
A hybrid work system permits employees to choose to work remotely or work from the office, better still, alternating between both. Gartner analysts say that more than half (53%) of American employees will prefer to work remotely in 2022 — a figure about twice the statistics given in 2019.
In essence, both employees and employers are increasingly embracing the hybrid framework. But with the threats to devices in the hybrid workplace, how do organizations secure their corporate networks?
Organizations that do not uphold a vital security hygiene strategy, such as turning on Multi-Faceted Authentication (MFA) or applying updates, potentially harm their reputation, privacy, and data. However, there are more threats to device security that business owners must critically examine:
VPN Bypass
VPN connections make it hard for data decryption without the encryption keys. Hence, it secures the connection between a remote worker’s device and a corporate server. Because of its robust security capabilities, most organizations require it for their employees to build connections with the company’s resources.
However, some employees neglect VPN connection, probably because it drops connection or drags it — which could be frustrating—bypassing top-level VPN software such as those provided by NordLayer could be devastating to a company’s reputation if there were a successful cyber attack as a result.
In the absence of a company VPN, a remote worker would have to connect either via a public network or a home network with minimal security apparatus.
A home network user may enjoy better security features than a public network user. However, the kind of devices and configurations used in connecting can also deter network security.
Device Theft
There could be a severe security breach when mobile devices accessing company information are either missing or stolen, especially when these devices are not secured with strong passcodes, encryption, or remote wipe functionality.
Another issue is workers permitting their family members to access their business computers. Meanwhile, hundreds of stolen or missing devices have been recorded on the UK’s financial watchdog from potential remote workers over the past 36 months.
Eavesdropping or Shoulder Surfing
Remote and office-desk workers engage in trips of diverse forms, making them vulnerable to being overheard disclosing sensitive information or snooped on while revealing sensitive data on their mobile devices.
Even when such delicate information is partially uncovered, it could still be quite lethal to an organization’s network security in follow-on social engineering attempts or identity fraud.
Unsecured Endpoints
When all employees worked directly from the company’s office, it was much easier for IT teams to minimize potential vulnerabilities in network security.
However, the hybrid system makes it difficult to monitor what is happening at the edge of an employee’s home network. IT teams would rather depend on remote workers to be constantly vigilant of security threats. Or they may consider implementing Zero Trust network policies.
How to reduce device security risk?
The earlier we implement proper security measures, the better the company will thrive. Here are some measures to consider:
- Institute regular training programs for employees: Consider awareness training which includes safe web usage, password management, and social engineering.
- Device security should receive top-level concerns: Devices themselves should be appropriately managed and protected by IT departments. Critical features to protect devices include biometric authentication, strong disk encryption, data wipe, endpoint security, passcode protection, regular patching/automatic updates, and cloud backup.
- Zero Trust security model: This highly protective model was designed to help organizations secure their resources with a mandatory checking procedure for every potential user or device requesting access to the company network. The primary feature of this model is to have a steady risk-based device, network, or user authentication process and other required security controls. Zero Trust implies that no implicit trust is given to any potential access until they have been validated.
Conclusion
Be smart with onboarding new technology. When onboarding new technology, apply it appropriately to your network and capture activities around it. In addition, consider apps that prioritize user privacy. Privacy-focused apps help prevent you from being a victim of cybercrime by securing your personal information.
