Top 6 Security Threats Targeting Remote Workers
Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.
![young asian business man wearing suit and shorts working from home meeting with colleagues online using video chat on laptop young asian business man wearing suit and shorts working from home meeting with colleagues online using video chat on laptop](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc106f0eef60b04d8/64f151e0e4356be594efb76d/remotework-casualdress-imtmphoto-alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)
Now that they've gotten a taste of remote work, employees increasingly prefer to keep it up. Indeed, a recent Gallup study shows that 91% of Americans working remotely hope to continue working from home after the pandemic.
Remote work offers great benefits, like reduced commute time, increased freedom, and more time to spend with loved ones. But there can be security downsides if sufficient controls are not in place to protect remote workers against the digital threats that come with working via unsecured connections.
"Being on a home network lacks the layered network security of the company environment," says Matthew Ulery, chief product officer at SecureAuth. Remote work itself is not new, but the dramatic shift to working from home over the past two years means there are more security-naive people who are not in the office, he adds.
Not all security threats are the fault of technology. Much of it also comes from human error.
"Remote work greatly exacerbates human-activated risk," says Robin Bell, CISO at Egress. "People are working in more distracting environments where they may have to answer the door for deliveries or might multitask with household chores. That means mistakes are more likely to happen, like sending an email to the wrong recipient or falling for a malicious email attack."
Recent research by Egress found that 77% of IT leaders said they have seen an increase in security compromises since going remote two years ago.
As a security pro, what do you need to be looking out for? Here are the top six such security threats faced by remote workers and how employees and employers can minimize them.
Threat: Using a less secure Internet connection
Solution: Enable MFA; use a VPN
The biggest problem with a home-based work setup is the lack of security controls to safeguard the employee's connection.
It's not easy for the corporate IT staff to manage employee security when people are working from home, said Lance James, CEO at Unit 221b, during one of the company's recent "CyberSecChat" online discussions.
Part of that is because remote employees may be allowed to use their own computing equipment and Internet connection, "essentially disconnected from the organization's computing and network infrastructure, and by reference, bypassing defense-in-depth protections provided by the organization's security infrastructure," says David White, founder and president of Axio.
This becomes more problematic because many workers use the same device for professional and leisure purposes. Spouses, children, nannies — everyone is using the same network, so if one device gets infected, the virus can jump on your other systems and everything goes down, said Charles Everette, director of cybersecurity advocacy at Deep Instinct, who participated in the aforementioned CyberSecChat.
This is called cross-traffic contamination, and it can lead to the loss of critical company information.
However, there are ways to manage these risks. The best option is to enable two-factor or multifactor authentication, Everette said. Bell also recommends organizations use VPNs or have a zero-trust networking approach. That means there is no default trust from inside or outside the network, and anyone attempting to gain access to network resources must verify their identity.
Threat: Can't monitor endpoints
Solution: Make it easy to report incidents
Some companies actively invest in the continuous monitoring of their remote workers. As such, the traffic flowing between the remote user and the organization is monitored and analyzed for anomalies, and the computer used by the remote employee operates in tandem with endpoint detection and response (EDR) capabilities to identify threats that may have made it to the desktop, says Axio's White.
"In this scenario, an event that may constitute an incident requiring response could become apparent to network and cybersecurity personnel well in advance of the remote user's awareness," he explains. "They often receive notification from incident response teams that there was an intrusion attempt on their computer or that a threat has been realized."
However, when remote users are predominantly using their own infrastructure and are not logged into the company's system, the potential for incidents occurring without the knowledge of incident response teams increases greatly.
Corporate environments have playbooks for handling threats since they have a controlled physical environment. But this can be difficult to execute in a remote environment, Unit 221b's James said during the online discussion. "If people don't change the password even after you told them to, are you going back to check that?" he said.
This kind of accountability and monitoring is reduced in a work-from-home setup. "Remote employees work at arm's length from their security teams, and this can mean that security incidents go unnoticed or unreported for longer, causing more damage than they otherwise would," Egress' Bell says. "This gives threat actors a longer window of time to move through networks to find the most critical assets and data."
So what's the solution to overcoming this problem?
The starting point for security teams is to make reporting incidents easy by using different media channels.
"A lot of the times attackers go after anybody new to the company because they haven't had their security awareness training yet," James says. So having a shorter timeline for adding such security measures can go a long way in safeguarding the network.
Threat: Outside chat channels
Solution: Secure chat
When remote workers are communicating with each other, they often use third-party channels like Slack, Teams, and Discord, which aren't controlled or monitored by the employer, Unit 221b's James said.
The biggest risk here is that "when employees access these applications, there is increased potential that they will download a virus or malware by a curious click on a link or by being lured into click-bait," Axio's White says.
Moreover, wherever people are sharing sensitive data, whether over email or via unmonitored apps, there is the risk of data loss, Egress' Bell says. "This could happen because of human error — for example, sharing a file on the wrong Teams chat — or people could intentionally use these channels to exfiltrate data."
Another factor here is the comfort zone. "With messaging apps, the risk of accidental data loss is even greater as these tools encourage a more informal type of communication, meaning that people let their guards down more," he adds.
The solution?
The most obvious safeguard is to use secure channels of communication and ensure file sharing is encrypted. White also recommends organizations use a layering of controls to better control mobile traffic.
Threat: Unsecured files
Solution: Encrypt data
Just as communicating on unsecured channels can lead to increased security risks, so can sharing and storing files on unencrypted channels.
"Most people don't know where the data is actually stored," Unit 221b's James said during the online discussion. "They're wandering around with all that data all the time, and companies can't control how often they lock their phone."
During the same discussion, Deep Instinct's Everette added that employees may get frustrated with multiple security measures. "I hear it all the time," he said. "People say, 'I hate logging into VPN. I hate having to pull up my phone to do two-factor authentication.'"
James said companies like Microsoft and Google can solve this problem by making encryption easier so data is safe regardless of where it's stored.
Threat: Risky behavior
Solution: More training; password credential managers
A lot of employees prefer remote work because of the comfort and lack of restrictions it offers. But these same factors can lead to cybersecurity risks if not managed properly.
"When you're in the office, you have rules on what you can and can't do, but at home, you're more relaxed about strict security measures," Deep Instinct's Everette said. "You'll take more risks, be more likely to visit a sketchy site that you normally wouldn't do at the office because now no one is monitoring your activities at home."
There's also the distraction of kids, pets, and visitors that may force an employee to get up from their computer in the middle of a task.
Without organization-controlled timeout of applications and logged-in network sessions, the possibility that a remote employee walks away from an unlocked computer increases significantly, Axio's White says.
"This may allow other family members or guests to view data or information that is sensitive or subject to special protections, such as health information," he adds. "Plus there is always the potential for over-the-shoulder peering of data from family members while a remote employee is working."
How can this be managed?
"There must be regular and mandatory cybersecurity training, and employees should be aware of and agree to abide by cybersecurity policies that detail the expected behaviors when using the organization's network and computing assets, both in the office and remotely," White suggests. "Employees must understand the potential consequences of inadvertent or willful violation of these policies."
Egress' Bell also recommends the use of password credential managers, which advises users where they are reusing passwords and alerts them when their usernames have been collected in a breach.
Threat: Harder to verify phishing attempts
Solution: Zero trust
"We've seen a 600% increase in phishing emails since the pandemic hit, and the number is only going up," Deep Instinct's Everette said during the online talk.
Phishing attacks do not differentiate between remote and in-office employees, but there are situations in which remote employees become more vulnerable, says Brian Johnson, CISO at Armorblox.
The line between work and home life becomes blurred in a home-office setup, which means employees often work longer hours, Egress' Bell says. "Tired, distracted people are the perfect target for cybercriminals, and that's why phishing is a greater threat for organizations with a remote or hybrid workforce," he says.
Phishing attacks involve impersonating brands, employees, and vendors to trick the employee into committing wrong or malicious acts.
"If the employee works in an office, they can potentially use the virtue of physical presence to quickly discern the intent of these emails," Bell adds. "For example, if there is a malicious email that impersonates a VIP from the company asking a colleague to buy gift cards for them, the employee can easily walk to the VIP and confirm if the ask is legitimate. This can become challenging when working remotely."
Companies can mitigate these risks by properly training employees to recognize phishing emails and take the right steps to report and control such issues.
A more effective approach could be using a zero-trust architecture.
"A zero-trust environment essentially levels the playing field by treating insiders and outsiders the same: No entity should be automatically trusted, and all access must be verifiable through continuous authorization and authentication," Axio's White says.
Threat: Harder to verify phishing attempts
Solution: Zero trust
"We've seen a 600% increase in phishing emails since the pandemic hit, and the number is only going up," Deep Instinct's Everette said during the online talk.
Phishing attacks do not differentiate between remote and in-office employees, but there are situations in which remote employees become more vulnerable, says Brian Johnson, CISO at Armorblox.
The line between work and home life becomes blurred in a home-office setup, which means employees often work longer hours, Egress' Bell says. "Tired, distracted people are the perfect target for cybercriminals, and that's why phishing is a greater threat for organizations with a remote or hybrid workforce," he says.
Phishing attacks involve impersonating brands, employees, and vendors to trick the employee into committing wrong or malicious acts.
"If the employee works in an office, they can potentially use the virtue of physical presence to quickly discern the intent of these emails," Bell adds. "For example, if there is a malicious email that impersonates a VIP from the company asking a colleague to buy gift cards for them, the employee can easily walk to the VIP and confirm if the ask is legitimate. This can become challenging when working remotely."
Companies can mitigate these risks by properly training employees to recognize phishing emails and take the right steps to report and control such issues.
A more effective approach could be using a zero-trust architecture.
"A zero-trust environment essentially levels the playing field by treating insiders and outsiders the same: No entity should be automatically trusted, and all access must be verifiable through continuous authorization and authentication," Axio's White says.
Now that they've gotten a taste of remote work, employees increasingly prefer to keep it up. Indeed, a recent Gallup study shows that 91% of Americans working remotely hope to continue working from home after the pandemic.
Remote work offers great benefits, like reduced commute time, increased freedom, and more time to spend with loved ones. But there can be security downsides if sufficient controls are not in place to protect remote workers against the digital threats that come with working via unsecured connections.
"Being on a home network lacks the layered network security of the company environment," says Matthew Ulery, chief product officer at SecureAuth. Remote work itself is not new, but the dramatic shift to working from home over the past two years means there are more security-naive people who are not in the office, he adds.
Not all security threats are the fault of technology. Much of it also comes from human error.
"Remote work greatly exacerbates human-activated risk," says Robin Bell, CISO at Egress. "People are working in more distracting environments where they may have to answer the door for deliveries or might multitask with household chores. That means mistakes are more likely to happen, like sending an email to the wrong recipient or falling for a malicious email attack."
Recent research by Egress found that 77% of IT leaders said they have seen an increase in security compromises since going remote two years ago.
As a security pro, what do you need to be looking out for? Here are the top six such security threats faced by remote workers and how employees and employers can minimize them.
About the Author(s)
You May Also Like