Your Microsoft 365 Partner in Suisse Romande / Cloud Specialists including Microsoft 365 and Azure
Learn More
Interhyve System
  • Services
    • Cloud Services
    • Support Services
    • Cyber Security
    • IT Management
    • Migration Services
    • IT Consulting Services
    • Microsoft 365
    • Azure Migration
  • Industries
    • Non-Profit
    • UN & Government
    • Pharma
    • Legal
    • Finance
  • Projects
  • About
  • Resources
    • Blog
    • E-Book Office 365
  • Contact
  • Teamviewer
Start a project
EnglishFrench

Blog

Security Risks Companies Face as Workers Go Remote

Security Risks Companies Face as Workers Go Remote

06 May 2021
By: Fabrice Beaux
Permalink

In 2020, remote work quickly went from being a niche corporate decision to a sudden and large-scale shift in the way people earn their living. Before the pandemic, only 29% of the American workforce was able to work from home, according to the Bureau of Labor Statistics. However, the number increased to 1 in 4 people in August, 2020.  

For many companies, the abruptness of this shift has sent their cybersecurity for a toss. While network security teams grapple with drastic changes in technology and work practices, businesses of all sizes are left vulnerable to massive security threats.

It is no secret that data security breach can result in significant ramifications, some of which include:

  • Loss of revenue
  • Tarnished brand reputation
  • Loss of intellectual property
  • Internet-based vandalism
  • Legal fines

In the spirit of raising awareness, we will discuss some of the most common network security threats associated with remote work:

1 – Common Security Threats Faced by Companies with a Remote Workforce

a) Password Sharing

Most employees share passwords with their peers to accomplish tasks quickly. According to a survey, approximately 32 million of the 95 million knowledge workers in the US are engaged in sharing passwords. This has immense implications.

Shared passwords enable hackers to walk into multiple parts of your IT network, turning an isolated cybersecurity incident into a full-fledged disaster.

Moreover, some employees may not have changed their passwords for months. This poses a huge risk to the sensitive corporate data stored on their devices. Unfortunately, there is almost no way for you to enforce responsible password habits in a remote scenario unless you use password management software.

b) VPN Attacks

With companies still working to develop their remote IT networks, many have tried to maintain business continuity by deactivating VPN restrictions. This, however, leaves the network prone to infiltrations via a brute-force attack.

In a brute-force attack, cybercriminals often indulge in “credential stuffing.” In other words, they blast a specific VPN portal with a pre-made list of authentication credentials. In case any of the credential combinations work, the attacker gets immediate entry into the portal.

If the criminal uses a Single Sign-On (SSO), they also gain access to a valid domain login. This leads to quick infiltration and an almost immediate attempt at privilege escalation.

According to ZDNet, cybercriminals are exploiting security gaps in VPN servers to infect networks with new types of ransomware, which can lead to grave repercussions, such as:

  • Temporary or permanent loss of data
  • Complete shutdown of corporate operations
  • Financial losses (caused by stalled operations and/or remediation actions)

c) Phishing Attacks

Phishing attacks involve a malicious person or entity posing as a legitimate source to lure users into revealing their login credentials. Hackers usually attack employees with dangerous links inserted within cleverly crafted emails.

Once the employee clicks on the link, they unknowingly download keylogging software on their PC, exposing their credentials to the perpetrator. The hacker can then masquerade as an employee, infiltrate the IT network, and steal information.

2020 saw several malicious cybercriminals leverage growing interest in COVID-19 to launch coronavirus-themed phishing scams.

Furthermore, phishing emails increased by 600% between February and March of 2020. The Centers for Disease Control and Prevention (CDC) warned citizens against government impersonation frauds and asked them to avoid opening emails from unknown senders.

d) Unsecured Personal Devices

Your company’s security infrastructure is meant to be an impenetrable fortress comprising enterprise-grade tools, firewalls, and threat-detection/resolution systems. These advantages are inaccessible to remote employees using personal devices for work.

Although certain remote working cybersecurity monitoring platforms are available, employees may not be comfortable with downloading them on their systems due to privacy concerns.

As an employer, you may find it difficult to monitor your employees’ device usage at all times. They may continue working on their personal laptops and risk your business’s cybersecurity, even if you provide them with official devices. This can lead to several issues:

  • An employee working on their personal device can access any website and download any app that may contain malware or viruses. A report from BitSight suggests that home office networks are 3.5 times more vulnerable to malware than a corporate network.
  • They can connect to a public Wi-Fi network, leaving their device vulnerable to hackers
  • Their devices can get lost or be stolen

e) Fake Login Screens (Man-in-the-Middle Attacks)

A man-in-the-middle (MitM) attack is a form of breach where hackers interject themselves into the company’s communication process and intercept important data. The perpetrator can either collect the information passively or disrupt your workflow by changing messages or impersonating a co-worker. MitM attacks are not as common as malware or phishing, but they usually have a dangerous motive.

MitM attacks are a potent threat to the new remote workforce. Perpetrators often use fake login screens and authentication tokens to steal credentials from employees. They then use these credentials to enter a corporate network from their own systems.

Once they have access, they can start a Command and Control (C2) attack, infect other employee systems with malware, or head to reconnaissance for sensitive information and data theft.

2 – How to Ensure Network Security in a Remote Environment

If your employees work from home, you should create and enforce a robust remote-work policy to minimize the security risks mentioned above. Below, we’ve listed a few network security basics that are critical to protecting a remote work environment.

a) Strong File-Sharing Policies

First and foremost, you will have to establish and practice secure file-sharing protocols. You can use cloud storage solutions to exchange confidential files. Since this process grants access only to employees with valid credentials, it is relatively secure. Also, it tracks and records the changes made to files at every step, providing you with full disclosure.

b) Provision of Official Devices

If your budget permits, consider equipping your employees with official laptops and desktops. Have your IT support team configure firewalls and antivirus software/antimalware on the devices before handing them out. This is one of the most effective ways of securing remote work operations.

c) Direct Application Access

In the Direct Application Access method, employees work within individual portals of the IT network instead of logging into the entire system. As a result, there is a lesser risk of exposure, which, in turn, spells minimal security breaches.

d) Encryption Software

Encryption provides businesses and remote workers with an additional layer of security against cyber threats. In case an employee’s device is stolen or misplaced, encryption can help ward off unauthorized access. Businesses can use two types of encryption for remote work:

  • Advanced Encryption Standard (AES)
  • End-to-End Encryption

e) Password Management Software

With features such as automated password rotation and random password generation, password-protection software can reduce the probability of cyberattacks resulting from faulty or weak passwords. Additionally, you can encourage your employees to utilize one-time-use credentials for further protection.

Conclusion

In the current decentralized corporate landscape, malicious security threats constantly pose a threat to network security. Cybercriminals are bound to exploit the security gaps inherent in hastily deployed work-from-home arrangements. Since a single cybersecurity incident can have long-lasting aftereffects on business operations, it is in your best interest to take preventative measures for remote network security.

Reach out to us to know more about security issues that companies switching to a remote environment are struggling with.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Post navigation

Previous PostPrevious Incident Response Process

Archives

  • May 2021
  • April 2021
  • March 2021
  • September 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • September 2019
  • August 2019
  • June 2019
  • April 2019
  • July 2017

Categories

  • cloud management services
  • cloud services
  • IT support services Geneva
  • office 365 support
  • Uncategorized

Tags

  • Business
  • Entrepreneurship
  • Startup

Follow Us On

GET TO KNOW USContact Us

You have an idea in mind that you would like to achieve but you do not know where to start? Or,
simply, would you like more details about our services? Kofi and Fabrice would love to know more about your projects.

  • * Required fields
  • This field is for validation purposes and should be left unchanged.
53 avenue Blanc,
1202 Geneva, Switzerland
CALL US ON
+41 22 740 28 29
MON - FRI
8:00 – 19:00
SEND US A MAIL
info@interhyve.com
  • Services
    • Cloud Services
    • Support Services
    • Cyber Security
    • IT Management
    • Migration Services
    • IT Consulting Services
    • Microsoft 365
    • Azure Migration
  • Industries
    • Non-Profit
    • UN & Government
    • Pharma
    • Legal
    • Finance
  • Projects
  • About
  • Resources
    • Blog
    • E-Book Office 365
  • Contact
  • Teamviewer
Support: Teamviewer
  • Cloud Services
  • Support Services
  • Cyber Security
  • IT Management
  • Migration Services
  • IT Consulting Services
  • Microsoft 365
  • Azure Migration

*Limited Period Offer – 3 months free trial of Microsoft 365 business – Includes maximum 20 licenses; Free Migration services for up to 25 users (licenses are to be paid); MigrationWiz licenses of up to 30 users for migration user bundle value. Terms and Conditions apply.

© 2023 InterHyve Systems | All Rights Reserved. | Privacy Policy

Website Designed & Developed by E2M

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings.

  • Services
    ▼
    • Cloud Services
    • Support Services
    • Cyber Security
    • IT Management
    • Migration Services
    • IT Consulting Services
    • Microsoft 365
    • Azure Migration
  • Industries
    ▼
    • Non-Profit
    • UN & Government
    • Pharma
    • Legal
    • Finance
  • Projects
  • About
  • Resources
    ▼
    • Blog
    • E-Book Office 365
  • Contact
  • Teamviewer
Interhyve
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.