The COVID-19 pandemic is disrupting business operations for countless organizations around the world, forcing millions of employees to work remotely for the foreseeable future. For most, this transition was sudden and unexpected, with many enterprises pushing out new cloud applications and management systems to support off-site workers. These rapid deployments, while necessary, have led many IT administrators and business leaders to put cybersecurity on the back burner, at least temporarily. However, cybercriminals have already started taking advantage of these weaknesses, which is why companies must stay vigilant and warn end-users about the risks posed by specific cybersecurity threats.
Remote work trends during COVID-19
The rapid surge in remote work has extended the attack surface of enterprise networks, systems and data stores, exposing employees to both known and emergent threats that can be difficult to control. Before the COVID-19 pandemic, many of these cyberattack methods would have been mitigated by on-site security controls, including firewalls, antivirus software and vulnerability scanning tools. Now that employees are working from home, often relying on their personal devices, new cybersecurity practices are needed to prevent data breaches and other malicious activity.
According to a Gallup poll released in late-May, roughly 70% of employees in the U.S. are still working remotely at least part-time, a trend that shows no sign of slowing down in the near future. In fact, one study from PricewaterhouseCoopers found that more than half of surveyed CFOs plan to make remote work a permanent option for certain roles. This shift in philosophy demonstrates just how ubiquitous remote work environments have become and the key role these workforces will play post-pandemic. By making targeted improvements to their cybersecurity policies and platforms now, businesses can simultaneously mitigate short-term threats and set themselves up for long-term success.
Top cybersecurity challenges
Before enterprises can reap the benefits of the ongoing remote work revolution, they first need to educate end-users about key cybersecurity challenges. Since the pandemic started, the global security firm Herjavec Group has put out several security alerts warning business leaders about specific attack vectors cybercriminals are exploiting, including:
This form of social engineering has skyrocketed over the past few months, in part due to the rapid transition to remote work environments. Cybercriminals have begun impersonating health officials, HR representatives and even tech platforms – like Skype and Zoom – to persuade employees to hand over their login credentials or click on an infected link, Security Magazine reported. Unlike brute-force attacks, phishing scams rely on human error and a lack of end-user security awareness to be effective. As such, it’s crucial to train employees on how to spot phishing attempts and offer them a way to report potentially harmful emails. Considering 70% of cyberattacks use a combination of phishing tactics and hacking, according to Verizon’s Data Breach Investigations Report, proactive cybersecurity training can meaningfully reduce an organization’s attack surface.
Now more than ever, the performance and availability of enterprise systems and networks has become a top priority. This reliance on digital resources has unintentionally provided hackers with added leverage to extort businesses using ransomware. As noted by KPMG, the increase in ransomware activity is partially the result of weaker home IT and network controls. While IT administrators are able to maintain complete visibility and control over on-site workstations, employees’ personal computers often lack this level of oversight. By delivering targeted ransomware to vulnerable users and endpoints, cybercriminals can lockdown key data stores and knowledge-sharing systems until a hefty ransom is paid.
To cope with the sudden shift to remote work, many organizations have integrated virtual private networks into their workflows. VPNs help protect data through complex encryption processes, ensuring all traffic between home computers and the enterprise network is secured. However, PwC explained that malicious actors are taking advantage of publicly known vulnerabilities in VPNs and other teleworking platforms. By exploiting these bugs, hackers can deliver crippling malware or gain access to confidential information. According to a security alert from the Cybersecurity and Infrastructure Security Agency, targeted attacks against VPN products from Pulse Secure, Fortinet and Palo Alto are on the rise, along with communications platforms like Zoom and Microsoft Teams.
Software and OS patching
Much like VPNs, most business applications, operating systems and software products need to be regularly updated to eliminate zero-day threats and other forms of exploitation. Prior to the pandemic, IT administrators were often in charge of monitoring and updating on-site workstations. These company-owned devices could be controlled with precision, helping reduce the threat of brute-force attacks, malware infections and unwanted configuration changes.
With millions of employees working from home and using their personal devices, organizations must find new ways of patching vulnerable workstations and applications. This need is reflected in the booming IT marketplace – research from Technavio found that the patch management software market is expected to grow by $336.03 million between 2019 and 2023, largely driven by the impact of COVID-19. As more organizations consider making remote work a permanent fixture, the demand for adapted patching solutions will only expand.
Improving remote employee security with Faronics
The modern business landscape is filled with uncertainty, leading many IT leaders to integrate new management platforms that can be form-fitted to their evolving needs. Faronics’ Deep Freeze application empowers end-users to solve their own tech issues with a simple restart of their devices, freeing up your IT team to focus on what really matters: Building robust systems and networks that are reliable in times of crisis and normalcy. Using Deep Freeze, companies can lock workstations in their ideal state, reducing the impact of configuration drift and ensuring all in-network computers have the latest OS and software versions. This functionality can not only reduce the threat of brute-force attacks, ransomware and data breaches, it can also reverse malicious changes brought on by phishing scams.
Organizations that are just now transitioning to a long-term remote work strategy may also benefit from Faronics’ Deploy, a cloud-based application that simplifies device management. Using Deploy, IT administrators can quickly add new workstations to their environment, create automated patching rules and remote-in over the web via RDP or VNC.