Thursday, Jan 27, 2022
BY: Team Nuspire
The COVID pandemic changed and shaped the way in which people work and, by extension, the information security landscape in which businesses operate. Packed offices gave way to work-from-home (WFH) arrangements. Even reluctant businesses began allowing employees to connect to business networks and apps on personal devices with bring your own device (BYOD) policies.
The expectation across multiple industries is for hybrid workforces to become the norm, which means WFH and BYOD are here to stay. While both have clear benefits, it’s important to bear in mind that they make security more complex. Here are some security tips for your company to start 2022 off on the right foot in light of BYOD and WFH becoming the norm.
Security Complexity with BYOD and WFH
The trend of employees using personal devices to connect to business networks and carry out work-related activities originated at Intel back in 2009. According to an Intel document, “what started out as merely a nice-to-have employee benefit has transformed into a solution that enables significant productivity gains and benefits the entire enterprise.”
The benefits of BYOD quickly became clear at Intel, but the security risks remain concerning for CISO and IT leaders 13 years later. These security issues include:
- A lack of sufficient security controls in place for personal devices
- No clear BYOD policy for employees to follow
- Employees installing malware on the network from their devices
- Many different devices with various operating systems and applications connecting to the network
- Corporate data ending up on personal devices that may be lost or stolen
Work from home has a far longer history than BYOD. IBM ran an experiment as far back as 1979 in which five employees were allowed to work from home. A steady upward trend began in the 2000s that saw more employers offering remote work opportunities, but COVID catapulted WFH as the default way of working for millions of people almost overnight.
The main security concern when people work from home is that they are outside the office. This might sound trite or obvious, but being outside the confines of the office network perimeter creates many security headaches. Aside from the risks of personal devices, people working from home may connect to unsecured home networks, use weak passwords to access VPNs and remote desktop protocol connections, or become victims of phishing scams.
4 Actionable Security Tips to Start 2022
Increased security complexity from WFH and BYOD, like most cybersecurity challenges, has actionable solutions. Here are four tips to start 2022 on a secure footing.
Get Robust Endpoint Protection
When you have people working from home and using their personal devices to access business data and applications, there are a lot more endpoints to think about, and a lot more blind spots! Various solutions help to bring back the visibility and defenses you need to secure endpoints wherever they’re located.
Remote monitoring and endpoint management solutions let you monitor all endpoints and automate software updates on those devices. Endpoint detection and response (EDR) solutions give powerful capabilities in monitoring end-user devices for different cyber threats, responding efficiently to genuine incidents, and containing attacks by isolating the endpoints on which they occur.
Improve Email Security
Opportunistic threat actors quickly started trying to take advantage of the uncertainty around the pandemic and WFH security with a deluge of phishing campaigns targeted at remote employees. Verizon’s 2021 Data Breach Investigations Report found that 36% of successful corporate cyberattacks involved phishing – an increase of 11% over 2020.
The increase reflects a perception among hackers that in a non-business environment, people may let their guard down and fail to follow normal security practices, such as not clicking suspicious or untrusted email links. Even without COVID, susceptibility to phishing attacks was high.
To strengthen email security, consider focusing on both the human and technological elements that are at play. Ongoing cybersecurity training with social engineering modules remains pivotal in helping employees stay vigilant toward these threats. Since some phishing emails are really hard to recognize, dedicated email security solutions provide extra help in making email more secure for remote workers by filtering out these emails. The latest platforms leverage artificial intelligence and self-learning to improve performance over time at recognizing and filtering phishing emails.
Use A CASB Solution
With most businesses using SaaS applications and running other cloud workloads, remote employees regularly connect to the cloud as part of their daily jobs. A cloud access security broker (CASB) sits between users and cloud services to enforce security policies and secure sensitive data. When an employee uses their smartphone or personal laptop to access cloud resources, a CASB like Zscaler gives you the visibility to address any security gaps and keep data safe.
Look to Identity Leaders for Zero Trust
Zero trust gets a lot of hype within cybersecurity, but with good reason. In a hybrid work situation, not providing users or devices with default levels of trust reduces many security risks. Zero trust provides conditional access to apps and data based on real-time security context about users and devices. This contextual information is tied to identity, which helps to securely authenticate and authorize users and devices. Leading IAM solutions like Okta and Ping can prove invaluable investments to secure your hybrid workforce with zero trust regardless of what device they’re connecting with.
BYOD and WFH are here to stay as central parts of the hybrid workforces that are shaping workplace culture. While there are security complexities introduced into the equation by these changes, following our recommended steps provides a solid foundation for any business to have a secure 2022. Sometimes, implementing all these changes is difficult, and that’s where expert managed security service providers make a big difference to your cybersecurity posture.
At Nuspire, our mission is to make clients fanatically happy through a relentless pursuit of excellence. Let’s talk about how we can work together to provide a new, fresh and inspiring approach to closing cybersecurity gaps.