There’s still ground to cover in the vaccine rollout, and when we can return to the office for good remains unclear. When we do, it’s likely many people will have truly flexible working practices. It is no secret that cyber criminals have capitalized on the remote or hybrid working trend, viewing those employees as vulnerable targets.
About the author
John Vladimir Slamecka is President AT&T EMEA & LatAm.
Their work devices – now outside of the traditional on-premise perimeter – are access points. Our latest cybersecurity study found that 55% of workers were the target of a cybersecurity threat while working remotely over the past year. It’s entirely reasonable to suggest this figure will rise as cyber criminals adopt more advanced tactics that become progressively more difficult to stay ahead of.
Who is to blame?
The study found that two thirds of remote workers claim to be more aware of cybersecurity threats since shifting to home working. It may be through ignorance or belligerence, but either way their habits and rituals are putting them and their employers in danger. The lines between our professional and personal lives have been blurring over the last year and will continue to converge as remote working becomes a permanent feature in the lives of many. This is not just characterized by longer hours and an always-on culture, but the increasingly hybrid way we use our devices and the internet.
The study also shows over half of workers are regularly using their work devices for personal purposes, such as online banking, social media and even online gambling. A third regularly connect work devices to smart home devices, such as smart speakers and doorbells, which are often poorly protected. Famously, a casino was hacked through an internet-connected fish thermometer in 2017. More recently there have been numerous reports of cyber criminals gaining access to home Wi-Fi networks and other connected devices.
Remote workers might not think twice about the risks of checking social media during their lunch break on a work device. But third-party consumer apps present a constant risk. Just look at the recent leak of information for over 500 million users’ across 106 countries. A breach of this magnitude is likely to have a very wide impact, and once favorite passwords are stolen, other accounts may become vulnerable.
But the blame cannot solely fall on the shoulders of remote workers. Two in three believe that practicing good cybersecurity at work is challenging, and this is exacerbated by inadequate training or technical support (22%) and lack of prioritization by senior management (18%). Businesses that initially paid less attention to cybersecurity to speed up the transition to home working have not only taken a risk but have left their employees feeling vulnerable. That needs to be addressed quickly to provide for business continuity and to better protect their workforce from any future cyberattacks.
What can be done?
The traditional on-premise perimeter is now obsolete. Our dynamic working environment requires a risk-based approach to cybersecurity that is continuously evolving. The foundational practices are no longer enough and the pressure on IT teams to keep track of so many devices outside of the corporate environment is an enormous challenge. Staying one step ahead of cyber criminals requires businesses to invest in regularly educating their workforces and equipping them with technology that can mitigate against what we might call ‘human error’.
Just as businesses have introduced measures to support the physical and mental well-being of their employees, they should educate and support their employees to help them better understand cyber safety while working outside the office. This should include mandatory steps like ensuring employees can access highly secure internet connectivity and web-based applications. Businesses should also provide enhanced cybersecurity training to help employees decrease the risk from attacks and protect everyone involved. However, with that said, a comprehensive approach to cyber security must go beyond just training.
The rapid evolution in the world of work is an immense challenge for security leaders. The workforce in months and years ahead will be hyper-distributed. The move towards cloud-based network security models such as SASE – an architecture that combines wide area network (WAN) technology with comprehensive security functions – is underway. Legacy infrastructure will struggle to support this new workplace dynamic in the most effective way.
It needs to become an interconnected ecosystem with data flowing in a highly secure manner between different points. That means protecting applications, networks, smartphones, servers behind corporate firewalls, data centers and the data in transit to or from the cloud and more. With such complex infrastructures, and employees regularly connecting their laptops to unsecure networks and devices, it is now clear that businesses must take a Zero Trust approach to cybersecurity. Zero Trust assumes that traditional access credentials are no longer sufficient to accurately establish trusted identities for user, device, and application access. Rather, organizations should undertake continuous, risk-informed assessments and deploy granular security controls to manage, monitor, and reinforce access.
If not, the cybercriminal won’t bother knocking. They won’t have to.
