Regardless of the size of your remote workforce, the potential risks are hard to understate. According to Shred-It’s State of the Industry Report released in June 2018, 86% of C-suite executives and 60% of SBOs share the opinion that the risk of a data breach increases dramatically if employees are allowed to work off-site.
If an employee is to work remotely, they must be able to confidently state the following:
i. They understand the potential security threats posed by their online activity.
ii. They are literate in cybersecurity best practices and can be trusted to protect themselves from attacks when conducting business activity off-site.
iii. They are aware of the appropriate actions to take if they suspect they have been targeted by an attack.
While there are many benefits of remote work, business owners have to regard the behaviour of off-site employees with the same weight — if not more — than their enterprise safety in general.
No longer the sole territory of IT professionals, cybersecurity must filter into the common skill-set if remote work is to become a standard option. In this article, we’ll cover some of the most overlooked security threats posed by remote activity and how you can protect your organisation.
1. Network Probes
Practically any Managed Service Provider (MSP) or IT professional who’s overseen large networks will admit that they have been probed at some point.
By definition, a network probe is an attempt to gain access to a network by using known or potential weak points. Technically, probes aren’t intrusions. However, when ignored, they can lead to actual intrusions and network infections.
Hackers typically execute a probe in two phases: first, they install malware that uses a port scan or ping sweep to scan your network for vulnerabilities. If it spots any vulnerable devices it infects them. In the second phase, this infected device gives hackers a gateway into the network and helps them find further vulnerabilities.
One major challenge when trying to deal with probes is that they are difficult to detect. They typically have a ‘Patient Zero’ advantage — there has to be an attack before you even know someone has been testing the network. This means a probe on an employee’s home network might uncover vulnerabilities that could lead hackers right into your corporate network.
Luckily, Intrusion Detection Systems (IDS), come as part of the package for various security systems, including a large number of high-end consumer VPNs. This means that If your workforce isn’t equipped with a corporate VPN, IDS isn’t out of reach.
2. The “Evil Maid”
Hackers don’t always access networks remotely. Sometimes they physically access an unattended device multiple times to execute an attack. As your workforce begins to move off-site and your business’ equipment travels with it, this form of attack — known as the “evil maid attack” — becomes a concern. This kind of attack is so effective that not even Full Disk Encryption (FDE) can protect you.
Having previously dropped in popularity, evil maid attacks have begun to make a comeback. High-profile examples in recent years include the attack discovered by F-Secure’s Harry Sintonen in early 2018. He found evil maid attacks that exploited Intel’s Active Management Technology (AMT). The investigations revealed that insecure defaults in AMT would allow an intruder to by-pass all login credentials in a laptop in less than half a minute, making it perfect for an evil maid scenario. During his announcement, Sintonen warned that as little as a minute of being distracted from their device was enough for someone to execute an attack.
Your employees attend conferences, they use hotel WiFi, and they log in at Starbucks. These are the joys of remote work, aren’t they? But this also leaves room for devices to be left unattended — possibly for much longer than a minute. Should any malicious actor be present, they could install malware in a matter of seconds and continue their attack remotely.
3. Under-education
Every company is a technology company now. Employees must be made aware of what they are up against and taught how to protect themselves and their employer. Training in cybersecurity — whether it’s on or off-site — should be a key part of the onboarding process. While this seems obvious, too many small businesses presume themselves immune to digital dangers due to their size, and ignore these responsibilities as a result. The deeper the knowledge-base within your company, the more secure you’re likely to be.
From smart toys that double as spies to evil maid attacks and the mishandling of company devices, the culprit is often lack of proper training. As per the State of the Industry Report mentioned previously, the leading cause of data breaches in many organizations was employee negligence: an attitude that can be shifted with appropriate education. If you’re starting from scratch, find a short introductory course to get your team acquainted with the basics.
The Challenge of Interconnectivity
With different types of devices making it into your organisation’s network everyday, the role played by remote employees becomes even more critical. The smart home has overtaken the traditional home office, which means a minor vulnerability in a seemingly unrelated internet device could jeopardize your organisation.
Though the risks are inevitable, the solutions are simple. It’s relatively easy to ensure workers maintain a secure environment, regardless of the number of devices involved. If managed effectively, a remote workforce can be a huge benefit to your business.
i. Every device should be protected
To reduce the potential for malware — the most common gateway for attackers — ensure employees make use of robust security software and exercise industry-standard best practices.
ii. All connections should be secure
Protecting the device itself is only part of the puzzle. It’s equally important to secure the overall network connection. Using a VPN is one of the best ways to ensure your employees’ network is secure. This software comes in various formats and in different categories: Enterprise and Personal. Check reviews from trusted sources to determine the best solution for you.
iii. Rules are meant to be followed
If a worker takes no measures to regulate their activity, all the tools in the world won’t stop a security breach. At the heart of every secure organisation are the people who make the decision to implement the rules set by the management. Assign roles and define authority to ensure only certain people have remote access. Ensure these employees are aware of the risks and the consequences of negligence and factor this into their behaviour.
Creating a culture that upholds cybersecurity as a priority is an ongoing process. Organizations must make a strong investment in the area, acquire the requisite expertise, and commit to following best practices in order to feel confident in their defenses. This commitment must stem from top management and filter down, enabling employees to counter potential threats before they take place.