Endpoint security is something that should concern organizations of all sizes. Every corporate network is at risk from hackers, organized crime, and malicious threats; even if employees only work remotely on a part-time basis, it is essential that the right protective measures are in place in order to secure employee devices.
About the author
Sami Bouremoum, CEO at Hofy.
This presents a unique challenge for IT departments, with pressure not only from changing trends in the workplace, but also the rising levels of cybercrime that show no sign of slowing down. In 2021, weekly cyberattacks on corporate networks were up 50% compared to 2020. The average data breach costs $ 4.24 million, and there could be very real consequences if endpoint security isn’t more than just an afterthought of an IT policy.
Here are just some of the key IT challenges – and actionable solutions – that come with remote working.
1. The reliance on digital communication to share information
Considerable sensitive conversations could historically have taken place across a desk or in a boardroom, remote teams have no option but to share information virtually. All digital communication mediums – such as instant messengers, emails, cloud documents and video conferencing – are susceptible to attack. The average employee receives 14 malicious emails per year and, in an analysis of 13 popular video-chatting applications, the US National Security Agency (NSA) concluded that every single one had a security deficiency.
The most immediate solution to this is to enforce password protection on all virtual meetings and communications. Employee devices can also be enrolled onto a mobile device management (MDM) solution. This allows IT departments to monitor the level of protection on those devices and mitigate risks by deploying security patches, software updates and ensuring baseline security controls are enabled.
2. Insecure networks
In offices, IT departments can impose security protocols, such as blacklisted IP addresses and firewalls, on their network to prevent external bodies from compromising them. The same rules cannot be enforced on home broadband or a public WiFi network. Many home Wi-Fi are only protected by factory-default passwords, or have no password at all. Older encryption methods, such as Wired Equivalent Privacy (WEP) or WPS, are easily compromised.
Sophisticated cyber criminals can also set up fraudulent access points (referred to as “evil twin” access points), that appear legitimate, but allow the attackers to access sensitive data. Similarly, public spaces – such as coffee shops, bookstores or co-working spaces – often have limited, if any, security measures in place.
The solution here is to implement ‘Never trust, Always verify’ security solutions. Those employee devices that are at home or on a public WiFi network need to be consistent in their software and hardware updates with an emphasis on vigilance whenever connecting to an unknown network. An organization can also incorporate encrypted disk drives into its security policy as an extra level of protection should a breach occur.
3. Personal Devices
From a hardware standpoint, the solution is to supply every remote worker with a business device that is configured with security measures and enrolled into a mobile device management (MDM) solution that can be managed remotely.
As with home or public networks, IT departments cannot impose security measures on personal devices. This poses a security risk when over half of employees claim to use their personal laptop or phone for work at some point in their working life. The real risks come when employees need to work on asynchronous schedules, away from offices, and need to download work-related apps, such as Slack, Zoom and Google Docs, onto their personal devices. This significantly increases the risk of sensitive information leaking into an insecure environment.
4. Use of unauthorized applications
We are creatures of habit, and it is not uncommon for employees to use applications outside of those prescribed by a company in the workplace. They may be more familiar with them from previous roles, or believe them to be more efficient for the task at hand but, if security controls are improperly configured, cyber criminals may be able to access sensitive data. Web application breaches make up 43% of all breaches and have doubled in frequency since 2019 (Verizon).
The ideal solution is to pre-install applications onto devices before delivering them to employees to reduce the likelihood of employees downloading other apps. Outside of this, another pre-emptive action would be to create a list of approved applications with administrative oversight, and deploy tools that enforce the approved / not-approved list. Again, password policies and security measures, such as multi-factor authentication (MFA), can be enforced based around an appropriate risk level.
5. Email phishing scams
Unsurprisingly, as emails have gained even more traction as a means of communication, phishing scams have soared since the pandemic began. They have also adapted to target people’s curiosity about coronavirus as a topic; in April 2020, at a time when most governments had just introduced home working orders, Google’s mail servers detected 18 million coronavirus-related malware and phishing emails per day.
There aren’t any specific ways to prevent phishing scams, measures instead come in the form of employee education. It’s imperative that employees never give away credit card or password information via email, download attachments or click through email links from unverified sources. They should also not store sensitive information on unverified websites. Should a breach occur, organizations can look to a 24/7 IT help desk as a way in which to communicate to employees and solve problems that may arise.
Read up on the best online cybersecurity courses.