As companies continue to grapple with the COVID-19 pandemic and its impact on in-office functions, many business leaders are embracing cloud applications and distributed teams as a temporary solution. At least, that was the plan. Thanks to a recent surge in coronavirus cases, as reported by Time Magazine, remote work seems like it may become the new normal for countless employees across the country. The provisional workarounds companies put in place are giving way to more permanent measures that will impact how businesses operate in 2021 and beyond.
The rapid shift to distributed workspaces has delivered mixed results. Organizations that were already on a digital transformation journey had an easier time pivoting to a fully remote operating model. Those that took a slow-roll approach found themselves deploying a suite of cloud applications and security tools out of pure necessity, often without proper alignment between traditional software and new IT solutions. To ensure remote workers can remain productive in these uncertain times, businesses must anticipate the unique security risks that come with managing a distributed workforce and take decisive action.
Here are the top four cybersecurity challenges for working in decentralized workspaces:
Malware and ransomware issues have been pervasive for organizations that rely on IT assets, but the coronavirus pandemic has made the cybersecurity landscape a lot more volatile. According to research from Skybox Security, new ransomware samples increased 72% during the first half of 2020, with many cybercriminals looking to capitalize on the current health crisis. Whether delivered through spoofed websites or malicious emails, malware has the potential to cripple corporate networks, wipe out critical databases and lockdown distributed workstations.
In traditional office settings, companies are able to insulate workstations and databases from malware using advanced security tools and network protections. However, with hundreds (even thousands) of employees working from home, this visibility and control is increasingly difficult to maintain.
Another challenge has to do with employees’ personal devices and networking equipment — research from the security firm eSentire discovered a 539% increase in attacks targeting routers since 2017. Considering these networking tools are crucial for facilitating access to key applications and data, companies will need to implement new cybersecurity strategies to protect off-site employees and their business technologies.
- Phishing scams
Although there is often overlap between malware infections and phishing scams, it’s important to make a clear distinction within internal security policies. Phishing operations solely rely on human error and negligence, whereas malware can be distributed through brute-force attacks and unsecured backdoors.
According to a report from Tessian, phishing is the leading cause of security incidents impacting remote workers. Of course, this issue has been amplified by the estimated 129% increase in email traffic observed between March and July 2020. With more phishing emails coming in, remote employees must pay closer attention to their inboxes, avoid suspicious hyperlinks and reply to information requests with a higher degree of caution.
From a business perspective, preventing phishing-based attacks is all about awareness and user behavior. All distributed teams must be carefully trained on how to identify and report malicious emails, which can burden IT helpdesk staff and distract from other security initiatives and implementations.
- OS and software patches
A growing number of remote employees have started using their personal devices to complete work-related tasks, introducing new vulnerabilities that would-be hackers can exploit. Outdated OS and software versions often have zero-day code bugs and security gaps that weaken users’ overall IT posture. This is why vulnerability scanning and patch management are an essential part of safeguarding distributed workstations.
Even with a clearly defined patching schedule, companies can still struggle to keep all in-network devices and applications up to date. For example, more than half of all companies (55%) say they spend more time manually navigating internal processes than actually patching vulnerabilities, according to a survey conducted by the Ponemon Institute. Integrating automated patching tools can help eliminate time-consuming management tasks and give IT administrators enhanced oversight of every device connected to their network and systems.
- Configuration drift
Minimizing the attack surface of IT infrastructure requires complete visibility and control over device settings and security configurations. However, workstations can slowly drift away from a hardened state over time. This not only impacts productivity at the employee-level, it can also introduce new threats for upstream systems, applications and managed services.
Locking devices in one pristine state can help alleviate configuration drift and provide a fail-safe for computer problems. For example, Faronics’ Deep Freeze application offers reboot-to-restore functionality that makes endpoints near-indestructible. When unwanted changes or security threats crop out, users can revert to pre-defined settings with a simple restart of their computers. This, in turn, helps reduce the frequency of low-priority support tickets and accelerates resolution times for all distributed teams.
At Faronics, we’re constantly looking to the future to help businesses remain agile, adaptable and in control. Our Deploy application offers lightning-fast deployment of new workstations, enhanced application management and automated patching solutions for both Windows and Mac machines.