Due to the global pandemic, nearly two-thirds of companies have moved half or more of their employees to telework. Sixty-two percent of employed Americans, for example, say they have worked from home during the crisis, with the number of remote employees doubling between March 13 and April 2 of 2020, and this is not just a temporary change.
Nearly a third of all organizations with remote workers expect that half or more will continue working from home after the pandemic.
Network Changes Impact Remote Work Security
The security implications of such a dramatic transition in such a short period of time cannot be overstated. Under normal circumstances, moving an entire workforce from secure IT environments to home networks with very little cybersecurity would take long-term planning and preparation. But that was not an option in 2020. As a result, 32% of respondents to Fortinet’s 2020 Securing Remote Work Survey found that setting up and managing secure connectivity to be the most challenging aspect of switching to telework.
Part of the problem was that the devices at the company’s core network were not designed to manage the volume of VPN connections required. As a result, many connections were not secure. Or even if they were encrypted, existing firewalls were incapable of inspecting VPN tunnels to ensure they weren’t being used to deliver malware – at least not without significantly slowing down connections.
But the other part of the challenge is that many home networks were not setup to support the bandwidth requirements of VPN, let alone bandwidth-hungry business applications such as video conferencing. In addition, end user devices (many workers began working from home using a personal device) were often unpatched and unsecured as were other devices connected to the home network. These challenges made home networks an ideal target for cybercriminals.
Cybercriminals Are Targeting Remote Workers
And as one might expect, threat researchers saw a significant shift in the behavior of cybercriminals. According to the latest Threat Landscape Report from FortiGuard Labs, global sensors detected that the top attack targets identified in the first half of 2020 switched from targeting corporate devices and applications to things like consumer-grade routers and devices such as DVRs normally attached to home networks.
There was also a significant increase in attacks targeting end users that used concerns about the coronavirus to lure them into clicking on malicious web links or open attachments infected with ransomware or other malware. The FortiGuard Labs team saw an average of about 600 new phishing campaigns per day during the spring. And because home users were no longer protected by corporate security devices, web-based malware became the most common attack vehicle, outranking email as the primary delivery vector used by cybercriminals for the first time in years.
And because many devices attached to home networks don’t get patched or updated as frequently as corporate devices, the most common exploits detected so far in 2020 have targeted older systems. Nearly two-thirds of attacks targeted vulnerabilities disclosed in 2018, and a quarter targeted vulnerabilities from 2004.
Seven Recommendations for Remote Workers
During the last several months, IT teams have been scrambling to close the security gaps in their remote worker strategy. But while 92% of organizations report budget investments to address teleworker security, end users are still the front line of any security strategy – and never more so than now. Here are a few suggestions of what they can do to reduce risks.
- Learn to Spot Attacks: Many organizations are sponsoring training programs to help their workers identify suspicious emails, websites, text messages, etc. In addition, there are free programs available online to provide end users with essential security training and information. And make sure everyone at home using the network, from roommates to children, get cybersecurity training as well.
- Harden Passwords: Another easy step is to simply make passwords harder to guess, and also use different passwords for different accounts. To manage these passwords, use a secure password management system that can remember passwords. Then all anyone needs to remember is the login information for that one application.
- Use Multi-Factor Authentication (MFA): Also known as two-factor authentication, MFA combines something a user knows, such as a password, with something they have, such as a fingerprint or a security token. MFA should especially be used when accessing financial information or logging onto the company network.
- Patch Home Devices: Have users look at all of their devices at home and make sure they are running the latest versions of their operating systems. Even gaming and entertainment systems have options that let users check to see if they are running the latest version.
- Secure Home Networks: This is probably a good time to consider adding or upgrading a security application to protect the home network and devices from attacks. In addition, many home routers now include gateway security which should also be enabled. Some cable operators and internet service providers also provide free security. Remote workers should make sure that logging onto the home WiFi requires a password. TThey should consider an email gateway that can detect and filter out malicious email attachment and links.
- Improve Device Security: New advanced endpoint security solutions, known as endpoint detection and recovery (EDR), not only provides better threat detection, but also prevents infections that manage to get onto your device from executing their malware. EDR solutions should not only be applied to remote worker devices, but also on other endpoint devices in the home.
- Upgrade Internet Connections: Remote workers should consider upgrading their internet service so they can run business-critical applications even when others are streaming movies or playing online games. Companies should consider providing funds to help offset the cost of a bandwidth upgrade.
Cybercriminals will continue to target remote workers, with no signs of letting up. Adding these seven steps to any corporate security strategy is the right way to begin protecting today’s distributed networks that include remote workers.