Nearly 80% of professionals work remotely at least one day a week, and 1.55 billion others are expected to work outside the boundaries of the corporate office by 2020, according to Frost & Sullivan research. This shift to a mobile workforce is causing technology disruption because remote workers require different solutions and infrastructure, which can increase vulnerabilities.
The security challenges aren't only the result of more employees working outside of the corporate office, but also the number of devices used by each individual. The same Frost & Sullivan report forecasts that more than 80 billion connected devices will be in use globally by 2025 — a staggering figure! Work has shifted from a place people go to daily to something people do, and as such, businesses need to be flexible, but not so flexible that their data and devices become security risks.
Cyberattacks have shifted as well, becoming less detectable by exploiting encryption and commonly used files. Malicious traffic is sent through encrypted HTTPS protocols, and malware increasingly uses transport layer security. Offices that don't upgrade their security tools and perform deep packet inspection on corporate Internet traffic will become a handy target for stealthy attacks. New attack methods are becoming progressively more common — such as pharming, in which links redirect users to fraudulent sites; vishing, the collection of personal information during a call; and smishing, where users receive texts with fraudulent links.
3 Areas to Focus Security Efforts
To properly secure the distributed workforce, it's best to focus on multiple areas. This allows organizations to place requirements around devices, applications, and network.
1. Devices are more than just laptops. Keeping employees efficient means the use of multiple devices — up to four tools each day, including cellphones, laptops, and wearables. And the rise of wearables opens a new enterprise security frontier. IT must secure these newer devices, especially because analysts predict that smart glasses and smart watches will see a high rate of enterprise adoption in the coming years. For these newer gadgets, IT can look to dynamic technologies, such as biometrics and GPS, and the type of information being accessed to authenticate the user rather than relying on static passwords.
Additionally, "bring your own device" (BYOD) policies continue to be a problem when it comes to data leaks. A well-designed BYOD plan that includes wireless LAN controllers and access points, a lightweight security mobility client, and robust identity services will help minimize device risks. Today's lightweight agile identity technologies use sophisticated cryptographic algorithms to locate security threats. As these solutions evolve to include geolocation and geosensing programs, identity management will become an important part of the security framework.
2. Newer generations demand flexibility. Generation X and millennial employees grew up with mobility solutions such as broadband, Wi-Fi, laptops, social media, and smartphones. They expect instant access to information from anywhere. The result is a new corporate structure rooted in flexibility and a dispersed workforce that demands collaboration software solutions and secure network connections.
The problem arises as remote access across unsecured wireless or LTE networks opens companies up to man-in-the-middle attacks, malicious apps, corporate espionage, and more. Even traditional applications such as Word and PDF documents create havoc when malicious codes are scripted into these files and then downloaded by unsuspecting users, ultimately launching a ransomware virus.
Cloud-based applications provide flexibility for mobile workers but also create issues because cyberattackers can hack in to steal user credentials, intercept data in transmission to the cloud, or access unencrypted files. An ideal way to protect against these threats is to extend security to the DNS through a cloud-delivered network security service. Predictive cybersecurity intelligence with live graphs of global DNS requests, along with other relevant information, can protect enterprises from attacks and assist in predicting future threats. This type of protection should also cover any off-VPN device and block the additional threat of malware, phishing, and other cyberthreats. Implementing cybersecurity operation centers for real-time monitoring of threats and security solutions can be useful, especially for remote workers.
3. Social media security education needed. LinkedIn, Twitter, Facebook, and other social media sites are very popular, especially among younger employees. And these platforms are also popular among cyberattackers. All employees need to be educated regarding personal information, such as birthdates, email addresses, and company names, that should and shouldn't be divulged online. Cyberattackers troll these sites to collect data and create targeted phishing attacks or use it to stalk or bully victims.
The best line of defense against cyberattacks for the mobile workforce is to take a more predictive stance. For instance, enterprises can create a "red team" — a group that challenges organizations to become more effective — to proactively hunt cyberthreats, improve security strategy, and train analysts with regular cyberdrills. And when was the last time your company ran a vulnerability assessment on its larger network and VPN,or a penetration test across its cloud solutions? Both evaluations can be used to identify critical gaps in the IT and operational technology environments. Finally, educating the mobile workforce about the dangers of unsecured wireless networks, social media hacking, and device usage will be the best line of defense for all companies.