Organizations need to rethink how they approach security with working from home becoming the new normal as companies shift employees to permanent remote positions. Gartner anticipates that 41% of employees will work remotely for the foreseeable future.
However, home networks are very different from the tightly controlled and (hopefully) sterile corporate setup. In the home, there is a myriad of connected devices spanning doorbells to smart TVs to the ubiquitous Alexa. All of these products present an array of potential security vulnerabilities that IT teams now need to consider. Hackers have shifted their focus to exploiting the home network as an easy way to gain access to corporate systems and data.
So, what does this mean for security? Well, organizations can no longer rely on a corporate firewall as the answer for keeping bad actors on the outside. Instead, they need to adopt a mindset that assumes that all employees are working on networks with the equivalent security of the local coffee shop. They then need to implement strategies that reflect this new dynamic, or they run the risk that the blending of personal and professional results in laying out the red carpet for cyber-criminals.
Here are some key steps that organizations must take to reduce the security vulnerabilities that come with a distributed workforce.
Zero-Trust Approach
Enterprises must adopt this mindset now that there is no security perimeter. All systems need to be appropriately secured and require additional identity verification before remote employees can access corporate resources. By maintaining strict access controls and not trusting anyone by default, including those already inside the network perimeter, the risks are reduced.
Educate Employees on How to Set Up a Home Network
IT departments should encourage and educate employees on how to set up an isolated Wi-Fi network solely for work usage. While not supported on all home Wi-Fi routers and potentially requiring some technical savvy to set up, this is a much safer configuration. The FBI also recommends that IoT devices are isolated on their own network as well and this is excellent advice since these are the devices most often compromised on home networks. Joining smart TVs, thermostats, Echos, etc. to your guest network, which is something pretty much all modern home Wi-Fi routers support, is a smart move regardless of whether employees work from home or not. Another critical piece of the puzzle is only allowing employees access to corporate resources when they use the VPN.
Employees need to be aware that every device and service, including those belonging to their family, can open up the business to a host of security-related issues. These range from weak passwords on personal computers, poorly secured Wi-Fi or social accounts such as TikTok passing along malware.
Prioritize Password Policy
With the widespread adoption and reliance on digital services, the risks from password reuse are rapidly spiraling. One survey found that while 91% of people recognize the vulnerabilities that arise from sharing passwords across multiple online accounts, 59% admit to doing it anyway. Companies need to deploy a layered approach to password policy to ensure that only strong, unique passwords are in use.
Of course, password reuse is only part of the problem. With data breaches occurring on a near real-time basis, it’s highly likely that even strong credentials could be compromised at some point. As such, it’s important that organizations implement a credential screening solution that can check password security not only at their creation but on an ongoing basis. Unless organizations secure the password layer and prevent the use of compromised credentials through automated tools, this presents hackers with an opportunity to easily access the network.
Make Multi-Factor Authentication Mandatory
Sensitive systems and data require more than a simple login layer for security. Organizations need to add additional layers rather than hoping that one will suffice. Corporate networks will inevitably be accessed at some point, but the risks are vastly reduced by integrating additional verification steps.
Evaluate Security Vulnerabilities Before Adding Tools
With employees remote, IT needs to put in place a process to vet apps and software before they can be integrated into the corporate environment. Otherwise, employees are likely to add tools that they already use in their personal lives. IT teams need to get on the front foot and audit all apps and platforms for security vulnerabilities rather than waiting to deal with the consequences.
It’s clear that the barriers between home and work have disappeared and cyber-criminals are working overtime to exploit the opportunities this presents. By adopting these steps, organizations can mitigate the risks by taking a new approach to security that embraces the merging of our personal and professional lives.