Is Working From Home an IT Security Issue?
Working from home brings many benefits for those involved. Shorter commute times, better work-life balance, increased productivity and lower real estate costs, to name a few.
But as companies operate with significant portions of the workforce away from the office, these activities also pose real IT security risks. Home security methods like VPNs and others offer some protection, but they aren’t always as secure as the systems many grew accustomed to in the corporate office.
Employees rely on their home networks and, in some cases, their personal computers to get work done. They also frequently use their work devices for personal activities. According to a study by HP, 36% of people surveyed use their work device for online streaming services, and 27% use their devices to play games.
Many organizations didn't have the time or resources to create a suitable security environment for all their employees when millions of workers transitioned to working from home during the pandemic. The result was a piecemeal approach.
“Many businesses put Band-Aid security solutions in place at the beginning of the pandemic to secure their remote teams,” said Sheila Carpenter, CIO at Dallas-based Zix, a security technology company.
Those kinds of solutions can be difficult to mend, and place additional pressure on corporate IT staff to keep things running smoothly.
The IT Security Challenges of Remote and Hybrid Work
Going remote full time and for a sustained period requires a complete overhaul of current security practices and employee resources, including training and technology. Policies like bring your own device facilitate remote work, but they also mean there are far more endpoints that IT security personnel need to monitor against malware, phishing and other attacks.
“The most significant challenges are ensuring employees are equipped with the training and knowledge necessary to secure their own networks,” said Jason Lee, chief information security officer at San Jose, Calif.-based Zoom.
While some companies were content allowing employees to use their own devices in the early days of the mass transition to remote work, others experienced additional challenges when they tried alternative methods.
One unexpected challenge that many companies experienced due to the shift to remote work was the inability to get technology hardware they needed, said Wes Henry, president and CIO at Fargo, N.D.-based TrueIT, an IT consulting and managed service provider company.
With computers sold out in several locations and supply chains struggling to keep up, this meant that many teams relied on personal computers and VPNs. VPNs offer some level of IT security, but they also pose an additional security risk that many might not be aware of since remote workers are connected to the office through virtual networks.
As a result, “any security vulnerabilities, viruses, ransomware, etc., that exist on the remote worker’s network now have a direct path into the company network,” said Henry.
Addressing Employee Needs and Wants with a Digital Workplace
The workplace is getting more and more digital – both in how we work and where we work
Maintaining a Human-Centered Approach During Digital Transformation
When it comes to digital transformation - people drive change, not technology
The Evolution of Employee Recognition
Leveraging the power of appreciation to improve the employee experience
How to Build a More Innovative and Resilient Workplace Culture
What would happen if every member of your team came to work focused on finding solutions and creating better results?
Related Article: Now Is the Time to Replace VPN With Zero Trust
5 Tips to Ensure Work From Home Security
Working from home poses additional security risks for companies and employees, but there are a few ways to ensure networks remain secure other than using VPNs. Here are some tips:
Use multi-factor authentication
Multi-factor authentication, or MFA, makes it harder for hackers to access information by providing an additional layer of security on top of a password. These login details can get compromised at any time, so MFA at least creates more difficulty for attackers.
Back up to the cloud
Regular backups to the cloud can ensure that information stays secure. “In the case of a data breach or ransomware attack, data can be locked down without being able to access it, causing you to lose data on your email, content management system (CMS) platforms, or any number of important servers housing sensitive information,” Carpenter said. Backing up data to the cloud allows for easy recovery in a worst-case scenario.
Use email filtering and encryption
Malware and phishing attacks rose tremendously over the last year. According to one report, there has been a 17% increase in cybersecurity attacks since Q1 2021 and 1.2% since Q4 2020. However, these attacks can be mitigated by using email encryption software to lessen the risk of human error.
Create an endpoint data protection strategy
With the increase in the number of endpoints, IT security personnel need to implement a strategy to protect against threats to their network. “To protect in-office employees, IT teams should deploy agile networking solutions that offer real-time monitoring and anomaly detection,” said Lee.
Implement new security protocol training
Finally, having a better security protocol can be beneficial to the organization as a whole. Improving security training creates a secure environment and culture that helps protect the entire organization.
“Training and continuous learning help employees understand the role end users play in the overall security posture of an organization,” Lee said.