Your users are working from home on networks that aren’t secure. A recent study of 127 popular routers found that every single one of them had critical vulnerabilities. These range from easily guessed login credentials (the username and password might be hardcoded as “admin”) to devices that are seldom given security patches. One-third of the routers tested was running a version of Linux that was last updated in 2011.
It goes without saying that this is dangerous, particularly at a time when more people than ever are working remotely. The IT department can control the network in the office, but there’s no way to check every remote worker’s home network. If an employee’s router is compromised then all kinds of attacks are possible including, for example, redirecting users to websites that appear genuine, but which are designed to steal credentials.
And home networks are not the only risk that employees are being exposed to in these times. With entire households home-working and home-schooling, it can be tempting to relocate to a nearby cafe and use the public WiFi there. Hackers can often compromise these networks or simply create spoof networks with matching names and lure people onto those.
Again, once they are in, they can compromise machines, hijack data and steal credentials. Your regular remote workers might know all this. Perhaps they have to do training before they are issued with a company laptop. Unfortunately, in the rush to set up thousands of employees to work remotely during the pandemic, many people started remote working with little, if any, training on how to stay secure.
Many companies will circumvent the problem by requiring employees to access line of business applications via a virtual private network (VPN) but not enough are doing this. In our recent survey of remote working practices, just 29 per cent of respondents said they were using a VPN. Almost as many - 26 per cent - said they used an application installed locally on their machine.
This is risky, to say the least. You might feel that it’s an acceptable risk, but we know that cybercriminals increased their activity during the pandemic. They knew, even if companies didn’t, that the number of potential targets was about to increase massively.
Companies need to make sure that everyone is familiar with best-practice security measures when working remotely - and that applies to people who have been remote workers for a while. Beyond that, companies need as much visibility as possible of security issues across all their platforms. The kind of single-pane security visibility that Cloudhelix provides will help, for example.
Another solution is SD-WAN (software-defined wide area network) technology, which offers a new way to handle corporate networking by virtualising the network infrastructure, instead of requiring proprietary hardware. It can be designed to prioritise cloud-based applications, whether an employee is connecting from home or the office and can add security functionality without the need for more equipment.
The challenge of securing home workers won’t go away. Finding the best solution means partnering with a provider that has the experience and sector knowledge to determine what will work for your particular circumstances.
Posted in Business on Jan 20, 2021