Telework security requires meticulous caution, communication
The shift to remote work as a result of the global health crises has exponentially increased organizations' security challenges. The new capacity of teleworkers not only puts a strain on the network, but also further complicates security challenges that infosec teams are already up against.
Malware is 3.5 times more likely to be found on home networks than on corporate networks, according to a report from BitSight Technologies. Notorious botnets are more likely to infect home networks, too. Home networks also expose unique vulnerabilities, including routers, external storage devices and various IoT devices.
Overall cybercrime activity has not increased during the pandemic, but certain forms of cyberattacks have seen significant upticks. The new extended attack surface illustrates the importance of the infosec team's role in enabling secure remote work and in orchestrating a strategy for cyber resilience.
In this webinar, independent security consultant and CISSP Kevin Beaver outlines five steps to bolster telework security. These steps include facilitating risk assessments, security policies and communication that specifically reflect the context of the risk of having many remote workers during the pandemic.
"You may have heard the term Zoombombing, where uninvited guests are showing up on Zoom meetings and basically crashing the party," Beaver says.
Security researchers have recorded spikes in ransomware, distributed denial-of-service and sophisticated phishing attacks exploiting public health fears. Organizations are responsible for emphasizing these new risks and reminding users about security awareness and telework best practices.
Communication about telework security risks, updated security policies and the role that an individual can play in the organization's overall security "becomes even more essential in the remote work environment," Beaver says. This may be an opportunity to get HR or executive administration involved in developing online sessions, reminders or videos for employees.
"Rather than shoving technical jargon at them about what they can't do, think of creative ways to share how they can work from home in a secure fashion," Beaver says.
In this webinar, Beaver elaborates on how to conduct a formal risk assessment to understand what threats are in scope in a telework environment. An organization's employees, clients and competition are watching how security is handled during this crisis. It's natural for security practitioners to experience doubt or questions during this unprecedented transition to remote work.
"You're probably a lot like me and are trying to take in all of this information and all of these ideas that are being shared. There is always a unique nugget or two that can truly help you in your situation, and that is my goal," Beaver says.