New work-from-home protocols may create cybersecurity vulnerabilities
By Max BurkhalterOctober 28, 2020
At the beginning of the COVID-19 pandemic, many businesses needed to adjust to a work-from-home model almost overnight. While working from home can come with its benefits, including increased flexibility and safety from a dangerous pandemic, for some organizations, it has also created cybersecurity headaches. While some of these issues are the result of adding new devices to networks, others stem from human error. In fact, according to a survey by the tech company Visual Objects, 34% of United States-based companies haven't been doing any basic cybersecurity work while working from home; including securing Wi-Fi networks, two-factor email authentication and adding a virtual private network. A loose approach to cybersecurity could leave your organization open to threats from both outside and within your network.
Adjusting to the 'new normal'
When the COVID-19 pandemic began, most organizations did not plan for their work-from-home period to extend more than a few weeks or months. Now, more than six months after much of the United States first began lockdowns, it has become abundantly clear that cybersecurity protocols must be readjusted to suit the "new normal." The work-from-home option has become incredibly prevalent. According to the Visual Objects survey, 66% of US companies had their employees take work devices home during the pandemic.
While taking devices home may come with its own set of issues, such as using an unsecured home Wi-Fi network and the potential for loss and theft, experts see a potentially larger threat in workers using their personal devices to conduct work. Personal devices are less likely to use public networks and not have up to date patches.
"To me, the riskiest approach is using personal machines," said BrokenStones CEO Chris Blunt, speaking with Visual Objects. "If you've got your work machines set up properly and the right remote access systems in place, then taking your work computers home is a good, cost-effective option."
In addition to potential threats created by having employees on devices in a variety of locations, your empty office space may leave you vulnerable to cyberattacks. According to the British technology magazine Business Cloud, the network and Wi-Fi access points found in many offices can be hacked if left completely unattended. The magazine recommends that ports and networks that will only see limited use in the coming months be disabled.
Whether the issue is personal devices at home or unused ports in the office, many of these problems come from the way IT departments are thinking about the scope of their work. According to Business Cloud, the challenges of remote work mean that IT departments now have a perimeter extending far beyond their own network. A difficult combination of both strict protocol and a creative approach will be necessary to keep hackers at bay.
Attacks From Within
Perhaps even more insidious than the risk of an empty office, Business Cloud also found an increase in employees taking advantage of lax cybersecurity to sell their companies' information on the dark web. In most cases, according to CyberQ Group CEO and former HP Cybersecurity Director Chris Woods, employees are approached by an outside actor, rather than acting completely independently. Woods gave the example of a recent case he had worked on while speaking with Business Cloud.
"[the employee] didn't put the document on the marketplace. He was playing five-a-side football with one of his mates, who asked if he wanted to earn additional revenue… He said 'yes' because he wanted to take his kids to Florida and he thought this would be a very easy crime to commit."
According to experts, cyberattacks from within an organization increase during uncertain economic times, as employees worry about their own finances and job security and look for ways to make some extra money. As the companies continue to face ups and downs as a result of the COVID-19 pandemic, they may have to continue to take the possibility of these kinds of threats very seriously.
Ultimately, as the threat of COVID-19 continues, organizations that initially thought of working from home as a temporary state, and planned their cybersecurity accordingly, need to rethink their approach. Perle has the kind equipment that can help to meet your readjusted cybersecurity goals moving forward. To learn more about what Perle can do for you, read some of our customers' success stories.