FEATURE
Two years on from the start of the COVID-19 pandemic , organisations around the globe are still working on how best to scale their internal workfrom-home arrangements in a way that limits cybersecurity threats . In the abrupt shift to remote working back in early 2020 , business leaders and IT teams were focused on quickly enabling their workforces to be operational while security considerations often took a back seat .
When employees suddenly began accessing enterprise applications and assets on home devices over a home Wi-Fi , unreasonable security risks were created and the door was thrown open for malicious actors . For example , home workers are easy targets for phishing and malware attacks that attempt to steal their personal information or gain access to company accounts .
While the attack surface has expanded , there are ways to keep up with hackers and mitigate these risks . Here are seven top tips for securing a remote workforce .
It ’ s important to create a strong culture of security and ensure both the informational awareness and genuine engagement of all members of your team .
1 . Workforce training
One way that organisations can reduce the risk of phishing and malware attacks is through training – specifically , by raising the awareness of the WFH team , explaining common hacking techniques and providing information about the risks associated with them .
With so many employees based at home due to COVID-19 ( and the end of it more unclear than ever with Omicron ), it ’ s important to create a strong culture of security and ensure both the informational awareness and genuine engagement of all members of your team . Security teams can provide weekly updates about new trends , conduct monthly training , implement known Indicators of Compromise ( IoCs ) and make it easier for employees to report concerns .
2 . Updating patches
With a remote team , it is even more essential that all network infrastructure devices – and any devices used to remotely access work environments – are updated with the latest software patches and security configurations , and that only the latest versions are used .
Many attacks have been attributed to missing patches . For example , you can mitigate the risk of the new , critical remote code execution ( RCE ) zero-day exploits for Apache Log4j Java-based logging library by upgrading every impacted Apache Log4j as a critical emerging vulnerability . Log4J allows hackers to conduct unauthenticated RCE and achieve a complete system takeover . The security flaws , which were made public in December 2021 , open the door to attack in many companies ’ systems .
3 . Leveraging new technologies
By using a new approach called Security Access Services Edge – SASE ( pronounced ‘ sassy ’) – a new cloud service architectural model , a subcomponent of SD-WAN – organisations can extend corporate security policies to each individual user so that the WFH employee and the business have confidence that the employee is protected and corporate data is not at risk .
While most network and network security architectures are poorly equipped to meet the dynamic secure access requirements of a WFH enterprise , SASE is driven by identities . www . intelligentciso . com
37