Before the coronavirus pandemic hit, working from home used to be a novelty for many employees. According to a June 2020 IBM Security and Morning Consult “Work From Home Survey,” 80% of respondents say they worked from home either rarely or not at all prior to the pandemic. In-office work allowed employers and information technology (IT) teams to manage and implement security measures and protocols at a central location.

Now, remote work has become the norm for many and could become a mainstay for some companies. A hybrid in-office work approach also may be an option. Yet, more than 50% of employees surveyed don’t have updated company security policies to navigate potential threats while working from home.

Security challenges can arise every time there’s a shift in your environment. New vulnerabilities may surface, and cyber attacks remain relentless. But there are basic steps you can take to reduce the risk of a compromise. Here are a few things to consider when securing your environment in a remote work or a hybrid in-office setting.

Remote Workforce Common Security Challenges

Remote work has its benefits; it can provide more flexibility and potential work-life balance. But, it can also present challenges if employees let their guard down, especially when it comes to securing data.

Controls

Employees may not consider company security policies when at home. For example, employees may allow their children to use corporate laptops to play games. Or, they may use their personal laptops for work purposes. The recent survey found that 52% of respondents are using their personal laptops for work with no tools to secure them.

These activities can lead to a compromise of the device and the connected network. Ideally, all employees should try to use corporate-provided devices. These devices should have security controls in place, such as firewalls, endpoint detection and response and antivirus software. However, employees may inadvertently disable these controls because they are “slowing them down.” Before turning off certain controls, team members should consult with their IT department.

VPN

A common misperception is that data is protected when connected to a company’s virtual private network (VPN). A VPN does encrypt traffic between the user and a corporate network, but it does not stop a threat actor from accessing and compromising the internal network.

Incident Response

Responding to a compromise can be challenging. Most incident response teams are in one location. They have technologies, people and evidentiary information at their fingertips. Today, those teams are also working from home, which can make investigating a breach more difficult.

For example, if an employee’s home network is compromised, an incident responder cannot go to the person’s house to access and investigate the network. The employee would have to ship the infected device to the investigator, which extends the window of opportunity for an attacker to move deeper into the environment.

Patches

Installing patches can also be tricky. Corporate devices automatically download patches to fix vulnerabilities. Those devices need to be connected to the corporate network to receive those patches.

Downloading a patch requires a steady VPN or network connection. This process can be stalled or not completed if employees need to connect through VPN, which can easily disconnect with a shaky internet connection.

Some companies may perform automated patching overnight. The patching will not work if those devices are powered down.

Phishing

Fraudulent emails purporting to be from reputable companies are a common attempt to gain personal data. And, employees working remotely aren’t immune to these scams. Employees clicking on these malicious links can give threat actors access to personal and company information.

Multifactor authentication provides extra security by requiring two or more credentials to log in to an account. This makes it harder for bad actors to get access to usernames and passwords.

Additionally, make sure employees set their device’s software to update automatically so it can easily address any new security threats.

Hybrid In-Office Workforce Common Security Challenges

A hybrid workforce model can bring the same kinds of challenges to those who work at home some days and in an office on other days.

Compromised Network

A company’s entire network could be compromised if an employee uses an infected device in the office. In many cases, devices previously trusted to connect to a corporate network will automatically connect again without requiring re-authentication, eliminating a layer of security.

Infected Documents

Infected documents also can cause problems. For example, an employee’s corporate laptop becomes compromised when they unknowingly open a malware-infected document on it at home. They email that document to a coworker working in the office. Once the coworker opens the email, their laptop becomes compromised and so does any network connected to it.

Reducing Risks

The key for any business is to have a data protection and security plan built for whatever workforce model is chosen.

Separate Network

One of the most effective steps is to set up a separate network for employees who work from home. They could use a VPN to access that network and have limited access to servers and company information.

Security and IT teams can also do the following:

  • Perform a preliminary check on remote employees’ devices before they return to the office.
  • Ensure security controls are on.
  • Add an extra layer of protection to the VPN with automated security checks before allowing a device to connect to the network.
  • Deploy additional network segmentation to which employees’ machines connect when they return to the office.
  • Perform authentication and authorization checks before granting access to the corporate network.
  • Limit employees’ access to only the data they need to do their jobs.
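
The checks in this list can be combined into a single admission decision made before a device joins the network. The sketch below is an added example, not code from the article or from IBM; the field names, the 30-day patch threshold, the segment names and the role-to-resource map are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumed policy values; the article does not specify thresholds or names.
MAX_PATCH_AGE_DAYS = 30
REQUIRED_CONTROLS = ("firewall", "edr", "antivirus")
# Hypothetical role-to-resource map for "only the data they need".
ROLE_RESOURCES = {"finance": {"erp"}, "engineering": {"git", "ci"}}

@dataclass
class DeviceReport:
    user: str
    role: str
    corporate_managed: bool
    mfa_passed: bool
    last_patched: date
    controls: dict = field(default_factory=dict)  # control name -> running?

def admit(report, today):
    """Return the segment a device may join and the resources it may reach."""
    if not report.mfa_passed:
        # Authentication is checked first: no network access without it.
        return {"segment": "deny", "resources": set(),
                "failures": ["mfa not passed"]}
    failures = [f"{c} not running" for c in REQUIRED_CONTROLS
                if not report.controls.get(c, False)]
    if not report.corporate_managed:
        failures.append("device not corporate-managed")
    age = (today - report.last_patched).days
    if age > MAX_PATCH_AGE_DAYS:
        failures.append(f"last patched {age} days ago")
    if failures:
        # Non-compliant devices reach only the remediation service.
        return {"segment": "quarantine", "resources": {"patch-server"},
                "failures": failures}
    # Compliant devices join the separate remote segment, scoped by role.
    return {"segment": "remote-staff",
            "resources": set(ROLE_RESOURCES.get(report.role, ())),
            "failures": []}

# Constructed sample reports (not real telemetry).
TODAY = date(2020, 9, 1)
ALL_ON = {"firewall": True, "edr": True, "antivirus": True}
SAMPLES = [
    DeviceReport("alice", "finance", True, True, date(2020, 8, 20), ALL_ON),
    DeviceReport("bob", "engineering", True, True, date(2020, 6, 1),
                 {**ALL_ON, "edr": False}),
    DeviceReport("carol", "finance", False, False, date(2020, 8, 30), ALL_ON),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, admit(r, TODAY))
```

A device that was powered down during overnight patching or had a control switched off lands in the quarantine segment with the reasons listed, so the help desk knows what to fix before it is readmitted.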

Cyber Hygiene

More than 50% of survey respondents are not aware of new company policies related to customer data, password management and video conferencing following a transition to working from home.

Maintaining cyber hygiene best practices is critical to a company’s security measures. Businesses should host quarterly security awareness trainings to educate employees on risk management in a remote work environment. It’s also important to remind employees of best practices when they return to the office.

Penetration Testing

Finally, perform penetration testing, especially against the internal network. An internal network penetration test can simulate a compromised machine.

A simulated attack can connect to the network and show where a threat actor could move after compromising an employee’s machine.

You should also implement an ongoing vulnerability management program to continuously identify, prioritize and patch high-risk vulnerabilities that an attacker may leverage. Plus, perform an adversary simulation engagement to find gaps in your remote incident response programs.

Learn how IBM’s X-Force Red’s team of hackers can help your organization.

 
