sb-nz logo
Story image

Why protecting remote workers from cyber attack should be a top priority for your security team in 2020

04 Feb 2020

Article by WatchGuard Technologies A/NZ regional director Mark Sinclair.

As logging in from anywhere becomes the norm for more Australians, implementing cybersecurity strategies to support the remote working model has become an imperative for local organisations which value the integrity of their systems and data.

Hands up all those business owners who remember when allowing someone to work from home, regularly or as a one-off, was considered noteworthy, or a privilege for which they should be duly grateful?

Those days are long gone and the signs are they’re not coming back. 

In 2019 Australia, everyone was doing it. From traditional road warriors such as sales reps, whose office has always been wherever they laid their laptop, to IT developers and marketing managers, Australians from all walks of life have embraced the remote working model with gusto.

Reduced travel time and costs and better work life balance are commonly cited as benefits by those who’ve called time on doing nine to five at a desk in the corporate office.

Employers share their enthusiasm. More than two thirds of Australian organisations now allow their staff to work remotely, according to research published by Indeed in early 2019.

It’s not hard to see why. Increased productivity, improved morale, reduced employee turnover and absenteeism and operational cost savings were all identified as benefits by those organisations which had thrown their support behind a remote work policy. Allowing people the flexibility to work off site can also make it easier for companies to attract and retain top talent to their teams.

Risky business

It’s a win-win situation but only if organisations manage it properly. 

That’s a big if.

In 2020, employees have become a major attack vector. Remote working can pose a serious risk for organisations which fail to adapt their cybersecurity posture to protect users, whenever and wherever they log in to the corporate network. 

The vast majority of high-tech financial fraud attempts rely on human clicks and hackers know all too well that individuals working outside the corporate firewall are significantly more vulnerable than those who operate within it. 

Have companies taken steps to address this real and rising danger? 

‘Sorta, kinda’, according to a recent global survey of IT administrators in mid-sized organisations, conducted by Site Research on behalf of WatchGuard.

Ninety per cent of respondents stated they were using endpoint software to protect laptops and 88 per cent believed employees within their organisation who worked remotely were using VPNs when they logged in. While employees are often seen as the weakest link in the cybersecurity chain, the administrators gave them a resounding vote of confidence, with 85 per cent of respondents stating their colleagues were trained to spot phishing and identity attacks. 

It would be easy to conclude the situation is well in hand, if not for the fact IT administrators don’t seem particularly convinced that’s the case.

More than 90% of survey respondents owned to concern about the prospect of infection being introduced via endpoints. Almost as many stated they were worried about unauthorised individuals accessing employees’ laptops and devices when they were out of the office. 

Just under two thirds of the administrators admitted a remote worker had fallen victim to a cyber attack on their watch; hardly a ringing endorsement for the remote security measures collectively put in place thus far.

Cybersecurity that’s not centred around the office

Unfortunately, there’s no simple answer to the threat that arises when your employees, en masse, swap a desktop in the office for remote working, using an array of mobile tools; both the company’s and their own.

A robust, user-focused security posture which enables your team to roam free without compromising network security back at the base must necessarily be multi-faceted.

In addition to deploying endpoint security to protect employees’ devices wherever they log in from and multi-factor authentication technology to reduce the risk of password compromise, organisations should be conducting regular cybersecurity training sessions.

Phishing, spear-phishing and executive impersonation campaigns have become significantly more sophisticated in recent times. Educating users, from the CEO suite down to the front line, about the risks they present can be an effective way to mitigate the risk of their falling victim. Fake phishing campaigns should also be employed periodically, to reinforce, in situ, the cybersecurity lessons employees have been given.

Just as important is the fostering of a workplace culture in which employees feel empowered to question unusual requests to disclose information or action payments, rather than jumping to obey, without question, orders which purport to come from on high.
Time to act

If flexible working isn’t a ‘thing’ at your organisation yet, it likely will become so, some time  in the early 2020s. 

As Australians continue to give the model the thumbs up, employers that adopt security measures which protect workers whenever and wherever they’re on the job will be well placed to enjoy the many benefits remote working has to offer.

Story image
Cyclone named essential NZ supplier for online learning devices
The Ministry of Education has selected Cyclone as one of a handful of essential business suppliers for devices and technologies used in distance and online learning.More
Story image
Internet infrastructure strained as demand for servers surges 30%
Internet service providers are extending data caps to meet the newfound reliance on the network, however, some experts express uncertainty concerning internet infrastructure’s ability to keep up with the rapidly growing demand.More
Story image
Guardicore Labs exposes brute force MS-SQL attack campaign
The cyber attack campaign uses password brute force to breach victim machines, deploys multiple backdoors and executes numerous malicious modules, such as multifunctional remote access tools (RATs) and cryptominers. More
Story image
SailPoint Peer Insights Choice for identity management
SailPoint is the only vendor to receive the ‘Customers’ Choice’ distinction in the Identity Governance and Administration segment.More
Story image
Email attacks up 667% following rise of COVID-19 worldwide
Of the COVID-19 related attacks detected by Barracuda Sentinel through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail, and 1% are business email compromise.More
Story image
COVID-19: Surfshark joins growing list of companies offering free services
The VPN service has recently announced its intention to offer free six-month subscriptions for small businesses, as more countries tighten quarantine measures and finances become strained.More