Story image

Are remote workers really the answer? Report finds huge security issues

07 Mar 2018

The swelling generation of mobile workers is causing headaches for IT staff.

A study by OneLogin has found 74 percent of UK businesses currently provide their employees with the benefit of remote working and are now grappling with finding a balance between productivity and security.

These ‘headaches’ are certainly justified as the study found more than half of remote workers spend up to one day per week connected to unsecured networks, effectively opening the door to a host of cyber threats.

“Hackers are increasingly going after high-value targets, such as executives or users with privileged access. And rather than deploying very sophisticated technical attacks, they are using social engineering or password replay attacks,” says OneLogin CTO Thomas Pederson.

“For example, if a hacker wants to compromise a particular individual, all they need to do is look in many of the leaked password databases on the dark web and figure out that person’s corporate email address and then start trying to sign into applications where the user might have an account. This kind of attack is something enterprises can only protect themselves against using multi-factor authentication.”

48 percent of businesses have enforced VPNs to create a secure link between the home and corporate networks, which should technically solve all the security issues associated with remote working and unsecured WiFi networks.

However, organisations have inadvertently made productive remote working impossible with ‘not fit for purpose’ security protocols as 30 percent receive frequent complaints that the use of a VPN slows down network access when working out of the office.

What’s more, the study shows VPN’s are notoriously prone to breaking down with 67 percent of businesses experiencing up to a week of VPN downtime over the last 12 months.

OneLogin says these and other VPN hang-ups are effectively countering the benefits remoting working is supposed to promote like productivity and a happier workforce.

“With productivity levels compromised, companies such as HP, IBM and Yahoo have decided to turn their backs on remote working altogether,” says OneLogin chief information security officer Alvaro Hoyos.

“However, businesses shouldn’t jump too quickly to cast remote working aside. It is possible for businesses to enable and actively encourage remote working, without compromising security or productivity.”

Hoyos says given the questionable reliability of VPNs, mobile workers are more likely to turn to potentially unsecured networks.

“This could be devastating as data breaches could leave confidential documents in the wrong hands and can be incredibly costly to remediate. By using next-generation mobile container technology, organisations can extend endpoint security from desktops to mobile devices and thereby enjoy a unified endpoint management solution,” says Hoyos.

Pederson says traditional enterprises are still mainly focused on the on-premises security because that’s where the majority of their IT workload is located.

“However, with growing shadow IT and strategic cloud applications being deployed, enterprises must learn to rely less on the physical perimeter for security and instead focus on getting a solid grip on the identities accessing corporate data,” says Pederson.

“Enterprises must adopt a zero-trust security model where workers are not trusted more just because they are located inside the physical perimeter. Users should always be authenticated using multiple factors whether it be a one-time password, biometric or a certificate deployed on the user’s device.”

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.