Telecommuting should not be seen as an additional complexity or security risk in an ideal world. However, companies have traditionally evolved by separating the “private” intranet from the “public” oriented network and still rely on this separation, either physically, where the two networks are decoupled, or by implementing secure remote access to the private network. Secure remote access to company infrastructure is often complex and expensive, especially in companies that still rely on intranets or internal services for day-to-day operations. This is probably one of the things that made telecommuting relatively unpopular with companies during the “pre-COVID” era.
In an ideal world, telecommuting should not be seen as an additional layer of complexity or a security risk.
The main risks of working from home are:
Increased fraudulent emails lure victims into revealing company credentials (phishing) or open attachments manipulated with ransomware. When working with a personal computer, the IT team has no control over the security solution, the way it is configured, or the level of security patching of the operating system used.
Compliance risks: Customer and company data is stored securely following local or international laws at work. Data encryption, device management, and other security controls are not necessarily available on home devices, which could facilitate the theft or unauthorised disclosure of customer or company information.
Hostile network environment: Unlike corporate network setups, home networks are an amalgam of devices that often connect to an outdated and vulnerable router. Hackers take advantage of this and test home connections for vulnerable network equipment that they could compromise. IoT devices are another primary concern that could play a crucial role in data theft.
Returning to the office is not within the forecasts for this year for all companies, either due to the limitations of COVID and because employees are no longer interested in returning, already accustomed to telecommuting. Unfortunately, most teleworkers are not yet aware that they are a potential safety hazard in their business. The human factor continues to be the main risk for organisations and is responsible for most cyberattacks. The protection of the endpoint has become an essential aspect as ransomware extends. Bitdefender GravityZone Ultra provides endpoint risk analysis, safety, and EDR, all through a typical agent and console to continually assess and prioritise security misconfigurations and misconfigurations on reducing the attack surface on endpoints.