Thanks to the COVID-19 pandemic, working remotely is now a new normal for most businesses across the world. While keeping the workforce safe from the pandemic, this rapid shift to remote work culture is also blurring the boundary between our professional and personal lives. Many employees are now struggling to provide childcare during work hours, while some are using their personal devices to fulfill their work duties.

This shift is changing the role of IT security and employers are now bending over backward to ensure a secure work environment for their growing remote workforce. But how exactly how is this changing network boundary posing new security risks?

Let us find out.

 

The Changing Network Boundary and BYOD Pose New Security Concerns

 Cybersecurity risks are looming everywhere and securing remote workplaces require extra stringent policies in place. Here are some common issues faced by employers due to this sudden transition to a remote workforce:

  1. Uninterrupted Connectivity: Businesses must ensure their remote workers are constantly connected to the corporate network. This means the VPN is always accessible, and there are no hardware or software-related issues. Most organizations are now forced to move away from a traditional data center environment and shift all their assets to the cloud for easy manageability.
  1. BYOD (Bring Your Own Device): Most personal devices do not come pre-installed with the correct security updates and measures. With no security and monitoring policies in place, personal devices, if used for work purposes can pose a bigger threat to a company’s security infrastructure than outside attacks.
  1. Lack of Security Awareness: Most remote workers are not educated on the importance of IT security. They are also finding themselves suddenly dealing with issues that were resolved by security teams in the past. Recent surveys are indicating that nearly 73 percent of employees do not have formal IT security awareness training and only 32 percent of businesses have offered antivirus software and end-point security devices to their remote workers since the start of the pandemic.
  1. Rise in Phishing Attacks: According to Barracuda, 51% of organizations have already seen an increase in phishing attacks since transitioning to a remote workplace. Phishing attacks can cause a myriad of issues for companies from data breaches to hack attacks.
  1. Network Lag and Latency Issues: With everyone working remotely, there has been an extreme spike in the usage of video conferencing, the internet, and personal messaging apps. While these methods keep the physically distant employees connected, they can cause network latency and slow internet speeds.

Securing Remote Work Through Zero Trust Policies

In the pre-Covid world, most businesses adhered to less restrictive security policies such as trust-based verification. However, the transition to a remote workforce requires a stringent approach known as Zero Trust. A Zero Trust policy simply dictates that no person, entity, device, or application should be trusted. It also means that no access should be granted beforehand, but it must be earned. To implement this Zero Trust policy, IT admins should establish MFA (multi-factor authentication) across all employee devices as well as follow the principle of least privilege to grant the lowest level of access possible.

By granting Zero Trust policies and granting the least level of access to employees, businesses can ensure a safer workplace for everyone during these trying times.

References and Citations
https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/05/03191550/6471_COVID-19_WFH_Report_WEB.pdf
https://www.mckinsey.com/business-functions/risk/our-insights/a-dual-cybersecurity-mindset-for-the-next-normal
https://blog.barracuda.com/2020/05/06/surge-in-security-concerns-due-to-remote-working-during-covid-19-crisis/
https://www.makeuseof.com/principle-least-privilege-prevents-cyberattacks/
https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/#:~:text=Zero%20Trust%20is%20a%20security,access%20to%20applications%20and%20data.