When the global COVID-19 pandemic first caused a rapid shift to work-from-home policies wherever possible, it was treated as a temporary move that would only last until the pandemic blew over. We've seen how that has panned out.
Remote work isn't going away. Sure, companies will go back to offices eventually. Some already are, in limited numbers, with safeguards in place. But many companies are finding that remote work actually works for them. They're maintaining productivity, their employees are adapting, and they're starting to wonder whether leasing office space in that San Francisco high rise is a cost they can leave behind.
Temporary or not, the shift to remote work has caused lasting changes to the way people work. Even companies that go back to having an office presence have developed the WFH muscle and will continue to exercise that muscle, whether by hiring more remote employees, retaining employees that move out of town, or even shifting permanently to entirely remote workforces.
But security is different for all-remote or hybrid companies. A recent SANS Survey indicated that vastly increased numbers of employees are accessing sensitive data from home using a VPN, RDP, or using a personal device instead of one with a company asset tag. Remote work comes with the cost of adapting your security operations to match the new landscape.
Here are just a few stats from that SANS Survey:
- 88% of respondents rely on VPN tunneling for their work, but how are those VPN tunnels secured at scale?
- 30% rely on RDP, a protocol notorious for being abused by attackers. How are businesses assuring that RDP sessions are legitimate, and being used securely?
- Only ~13% of respondents indicated that their organization fully manages webcams in their environment. How are businesses ensuring that sensitive, connected devices and IoT in workers' homes aren't providing a vector for stealthy attackers?
Whether companies see a remote workforce as a time-limited state, or as the future of modern offices, they must learn to cope with these security challenges in the long haul. VPNs aren't perfectly secure, and RDP in the wrong hands is a security nightmare. Let's not even start on IoT.
In a recent SANS webinar, ExtraHop engineers and partners discussed how companies can secure their remote workforces for the long haul and get the benefits of WFH without succumbing to the changing security risks.