sb-nz logo
Story image

Why protecting remote workers from cyber attack should be a top priority for your security team in 2020

04 Feb 2020

Article by WatchGuard Technologies A/NZ regional director Mark Sinclair.

As logging in from anywhere becomes the norm for more Australians, implementing cybersecurity strategies to support the remote working model has become an imperative for local organisations which value the integrity of their systems and data.

Hands up all those business owners who remember when allowing someone to work from home, regularly or as a one-off, was considered noteworthy, or a privilege for which they should be duly grateful?

Those days are long gone and the signs are they’re not coming back. 

In 2019 Australia, everyone was doing it. From traditional road warriors such as sales reps, whose office has always been wherever they laid their laptop, to IT developers and marketing managers, Australians from all walks of life have embraced the remote working model with gusto.

Reduced travel time and costs and better work life balance are commonly cited as benefits by those who’ve called time on doing nine to five at a desk in the corporate office.

Employers share their enthusiasm. More than two thirds of Australian organisations now allow their staff to work remotely, according to research published by Indeed in early 2019.

It’s not hard to see why. Increased productivity, improved morale, reduced employee turnover and absenteeism and operational cost savings were all identified as benefits by those organisations which had thrown their support behind a remote work policy. Allowing people the flexibility to work off site can also make it easier for companies to attract and retain top talent to their teams.

Risky business

It’s a win-win situation but only if organisations manage it properly. 

That’s a big if.

In 2020, employees have become a major attack vector. Remote working can pose a serious risk for organisations which fail to adapt their cybersecurity posture to protect users, whenever and wherever they log in to the corporate network. 

The vast majority of high-tech financial fraud attempts rely on human clicks and hackers know all too well that individuals working outside the corporate firewall are significantly more vulnerable than those who operate within it. 

Have companies taken steps to address this real and rising danger? 

‘Sorta, kinda’, according to a recent global survey of IT administrators in mid-sized organisations, conducted by Site Research on behalf of WatchGuard.

Ninety per cent of respondents stated they were using endpoint software to protect laptops and 88 per cent believed employees within their organisation who worked remotely were using VPNs when they logged in. While employees are often seen as the weakest link in the cybersecurity chain, the administrators gave them a resounding vote of confidence, with 85 per cent of respondents stating their colleagues were trained to spot phishing and identity attacks. 

It would be easy to conclude the situation is well in hand, if not for the fact IT administrators don’t seem particularly convinced that’s the case.

More than 90% of survey respondents owned to concern about the prospect of infection being introduced via endpoints. Almost as many stated they were worried about unauthorised individuals accessing employees’ laptops and devices when they were out of the office. 

Just under two thirds of the administrators admitted a remote worker had fallen victim to a cyber attack on their watch; hardly a ringing endorsement for the remote security measures collectively put in place thus far.

Cybersecurity that’s not centred around the office

Unfortunately, there’s no simple answer to the threat that arises when your employees, en masse, swap a desktop in the office for remote working, using an array of mobile tools; both the company’s and their own.

A robust, user-focused security posture which enables your team to roam free without compromising network security back at the base must necessarily be multi-faceted.

In addition to deploying endpoint security to protect employees’ devices wherever they log in from and multi-factor authentication technology to reduce the risk of password compromise, organisations should be conducting regular cybersecurity training sessions.

Phishing, spear-phishing and executive impersonation campaigns have become significantly more sophisticated in recent times. Educating users, from the CEO suite down to the front line, about the risks they present can be an effective way to mitigate the risk of their falling victim. Fake phishing campaigns should also be employed periodically, to reinforce, in situ, the cybersecurity lessons employees have been given.

Just as important is the fostering of a workplace culture in which employees feel empowered to question unusual requests to disclose information or action payments, rather than jumping to obey, without question, orders which purport to come from on high.
Time to act

If flexible working isn’t a ‘thing’ at your organisation yet, it likely will become so, some time  in the early 2020s. 

As Australians continue to give the model the thumbs up, employers that adopt security measures which protect workers whenever and wherever they’re on the job will be well placed to enjoy the many benefits remote working has to offer.

Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
Vodafone brings xone IoT platform to Aotearoa
The platform is a localised version of a solution belonging to the Vodafone Group, providing key in-country functionality to technology.More
Link image
Webinar: Best practices for keeping your video chats secure
Video collaboration providers nowadays operate exclusively on a multi-tenant, public cloud - and security and privacy concerns have come into the spotlight. Here's how to secure your communications.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More