sb-as logo
Story image

Are remote workers really the answer? Report finds huge security issues

07 Mar 2018

The swelling generation of mobile workers is causing headaches for IT staff.

A study by OneLogin has found 74 percent of UK businesses currently provide their employees with the benefit of remote working and are now grappling with finding a balance between productivity and security.

These ‘headaches’ are certainly justified as the study found more than half of remote workers spend up to one day per week connected to unsecured networks, effectively opening the door to a host of cyber threats.

“Hackers are increasingly going after high-value targets, such as executives or users with privileged access. And rather than deploying very sophisticated technical attacks, they are using social engineering or password replay attacks,” says OneLogin CTO Thomas Pederson.

“For example, if a hacker wants to compromise a particular individual, all they need to do is look in many of the leaked password databases on the dark web and figure out that person’s corporate email address and then start trying to sign into applications where the user might have an account. This kind of attack is something enterprises can only protect themselves against using multi-factor authentication.”

48 percent of businesses have enforced VPNs to create a secure link between the home and corporate networks, which should technically solve all the security issues associated with remote working and unsecured WiFi networks.

However, organisations have inadvertently made productive remote working impossible with ‘not fit for purpose’ security protocols as 30 percent receive frequent complaints that the use of a VPN slows down network access when working out of the office.

What’s more, the study shows VPN’s are notoriously prone to breaking down with 67 percent of businesses experiencing up to a week of VPN downtime over the last 12 months.

OneLogin says these and other VPN hang-ups are effectively countering the benefits remoting working is supposed to promote like productivity and a happier workforce.

“With productivity levels compromised, companies such as HP, IBM and Yahoo have decided to turn their backs on remote working altogether,” says OneLogin chief information security officer Alvaro Hoyos.

“However, businesses shouldn’t jump too quickly to cast remote working aside. It is possible for businesses to enable and actively encourage remote working, without compromising security or productivity.”

Hoyos says given the questionable reliability of VPNs, mobile workers are more likely to turn to potentially unsecured networks.

“This could be devastating as data breaches could leave confidential documents in the wrong hands and can be incredibly costly to remediate. By using next-generation mobile container technology, organisations can extend endpoint security from desktops to mobile devices and thereby enjoy a unified endpoint management solution,” says Hoyos.

Pederson says traditional enterprises are still mainly focused on the on-premises security because that’s where the majority of their IT workload is located.

“However, with growing shadow IT and strategic cloud applications being deployed, enterprises must learn to rely less on the physical perimeter for security and instead focus on getting a solid grip on the identities accessing corporate data,” says Pederson.

“Enterprises must adopt a zero-trust security model where workers are not trusted more just because they are located inside the physical perimeter. Users should always be authenticated using multiple factors whether it be a one-time password, biometric or a certificate deployed on the user’s device.”

Story image
Surfshark rolls out WireGuard open source VPN protocol
When there is less code in a VPN, it is less susceptible to security vulnerabilities due to easier configuration and management, according to Surfshark.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Report: Power utilities increasingly at risk of devastating cyber-attacks
“Utilities’ existing systems are becoming increasingly connected through sensors and networks, and, due to their dispersed nature, are even more difficult to control.”More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More