The coronavirus outbreak and lockdown forced many organizations to close their offices and shift employees to a remote work setup. But such a quick and abrupt transition opened the door to a host of security risks, especially from people who are unaccustomed to working remotely. A report released Wednesday by software vendor Lynx Software examines some of the risks of remote work and offers advice on how to address them.
SEE: Working from home: The future of business is remote (ZDNet/TechRepublic special feature) | Working from home: How to get remote right (free PDF) (TechRepublic)
In a recent survey of 1,000 working Americans, Lynx found that 36% of them have been or know someone who has been impacted by a cyberattack since the start of the pandemic. As such, a majority (69%) are now more concerned about security risks during COVID-19 than they were beforehand. More than half (54%) of the respondents said their biggest cybersecurity concern is over their personal data being compromised.
Despite the increased risks, just 49% of those surveyed believe their organization’s cybersecurity has strengthened since the beginning of the outbreak. Citing several examples, 65% said their company lets them use their work computer to access personal services, 60% said their company has not prohibited the use of certain apps and tools that don’t meet high security standards, 58% said their company hasn’t implemented antivirus software, and 58% said they were not aware of their company implementing strict IT security policies.
Remote workers themselves are triggering certain risks through poor cyber hygiene, a lack of knowledge, and uncertainly over the right and wrong actions. In this vein, 76% of those polled said they sometimes use a personal device for work, 75% use their cloud-based services to store and edit work documents, and 60% said they use USB devices to move work files. Further, almost a quarter said they’re not sure if they can switch off their VPN.
Almost all workers surveyed said they know it’s important for their work laptop to be secure. But some 30% admitted they weren’t aware that company devices outside the workplace are at greater risk for cyberattacks. Further, more than half acknowledged they wouldn’t be able to tell if their work device had been hacked, and three in 10 said they wouldn’t know what to do if their device had been hacked.
SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)
“Organizations of all types need to prioritize finding ways to secure end-points for their employees’ devices, whether they are on laptops, edge servers or anything between, especially in the remote, zero-trust environment we are living in,” Arun Subbarao, vice president of engineering and technology at Lynx Software, said in a press release. “For IT teams this doesn’t have to mean prohibitive costs or compromising performance.”
Asked how their organization could improve this IT security gap among remote workers, more than half of the respondents said they would like to receive the necessary policies to make them more aware of any actions they take that create a security risk. Half would like training sessions. And some 44% would appreciate weekly newsletter updates on cybersecurity efforts.
IT and security professionals can also take steps to separate and isolate the different domains and remote working environments to better protect them from security threats.
“Separating security functions into different domains and controlling the flow of information between those domains ensures confidentiality and integrity for security-sensitive use cases in organizations,” said Ian Ferguson, VP of Sales and Marketing for Lynx Software.
Ferguson recommends the following actions:
- Isolate the Windows environment for remote users.
- Create a separate domain to protect data in transit with two VPNs.
- Create a separate domain to protect data at rest.
- Create an isolated management domain to allow for secure updates.
“By ensuring foundational security, an organization can effectively extend its firewall to the place where its employees are working, be that a house, a coffee shop, or (yes) an airplane,” Ferguson added. “Corporate IT policies are delivered and managed on a per-laptop basis wherever those assets are located.”