Over the last several years, the attack surface of today’s business networks has widened dramatically.
The reasons? A rush of mobile devices flooded business networks, a growing population of increasingly ambitious and sophisticated hackers, and, particular to our interest, the explosive growth of remote work.
Working from home opens organizations up to increased security risk, however, through their workforce’s frequent use of unsecured WiFi, personal device usage and the ensuing growth of complexity in network environments.
What are the biggest risks? Read on to learn about three of the most significant vulnerabilities for remote workforces.
Without the proper protections on personal devices, remote workers can face greater threats from phishing attacks. Cyber criminals don’t care if personnel are working from home or in the office. Either way, they can trick workers into giving up login credentials—or completing a financial transaction—by posing as a message from a reputable company.
In one notable attack, staff members accidentally gave out login details for five employees. The end result: the exposure of sensitive data for 80 million customers. Ironically, hackers used the media attention to send more rounds of phishing emails.
Unprotected remote organizations are more susceptible due to the increased complexity of the network environment because many organizations still don’t use multi-factor authentication. In total, Americans lose $3.1 billion to email scams each year.
Opportunistic hackers typically aim for well-known vulnerabilities. They’re particularly interested in known exploits for older, out of-date-devices. An organization which allows remote workers to use outdated personal devices puts their critical business information at great risk to cyber criminals.
These vulnerabilities include personal mobile devices that are used for business communications. According to a Duo report, approximately 60 percent of enterprise devices were found to be running on older, vulnerable versions of flash. These exploits allow hackers to download software that assesses a device’s flash version and installs malware, should the right version(s) be identified. From there, attackers have full access to each infected machine.
What’s worse: it only takes a single out-of-date device for a hack to occur.
VPNs are employed by a wide range of organizations to help bridge the gap between centralized networks and remote workers, allowing users to securely access business networks in an encrypted channel. However, consumer-grade VPN services can still be vulnerable to savvy hackers.
A better solution for any business environment is an enterprise class VPN, with enhanced login using Multi-Factor Authentication (MFA). Secure endpoint software, such as Cisco AnyConnect allows your remote workers to work on your business network over a VPN connection based on your organization’s security policies. By adding DUO MFA to your security stack, remote workers must use a second – but simple – second source of validation for network access.
Remote employment is clearly the future of work. It’s especially apparent now given the organizational challenges of working during COVID-19, but there’s no doubt that demand will only grow in the foreseeable future. All that’s needed to keep hackers at bay is a diligent focus on training, and device and network security.
BBH has years of experience helping businesses build and optimize their network infrastructures with a priority on security. Our full team of IT specialists can apply a range of managed services, from 24/7 security monitoring to threat mitigation, managed cloud services, and full design-build audio visual services, among a range of others. Get in touch with our team now to learn more and discuss your networking and security objectives.
To learn more about how Cisco Duo, one of the top multi-factor authentication solutions on the market, helps secure remote devices, download our guide.