Shrinking the Attack Surface of Your Distributed Workforce

The majority of us live in a house divided: part of the week we work in-office and the rest is spent working from home. These flexible working agreements can be great for employee morale and work-life balance. But companies who aren’t proactive also risk putting a strain on their security and compliance controls.

Remote work dramatically expands the attack surface area and has fueled a 238% increase in cyber incidents over the course of the pandemic.

Organizations who want to capitalize on hybrid work without compromising their security posture should focus their efforts on these Tech Target-identified risks.

Unsecured endpoints

From laptops and computers to mobile devices and printers, every endpoint is an entry point if not properly secured. If it connects to your network, it needs to be protected with services like antivirus and firewall to avoid being exploited.

Security skills shortages

Can’t find or keep qualified security talent? You’re not alone. More than half of IT leaders share your frustration, 67% of which admit these shortages “present greater risks to their organizations” due to things like lack of continuous security monitoring, according to a 2022 Cybersecurity Skills Gap Global Research Report.

Unencrypted data transfers

Anytime sensitive information is downloaded or shared improperly, you run the risk of a data leak. Update your policies and procedures to require that work files be encrypted before shared or housed in encrypted environments.

Phishing targets

Human error accounts for somewhere between 82% and 95% of all cyber incidents. Getting hooked by a phishing scam is far and away the most common reason. Thanks to factors like at-home distractions, remote workers can be more easily tricked by legitimate-looking requests, particularly malicious messages impersonating a boss, colleague, or vendor.

Network vulnerability

Public networks and even home WiFi setups can put your company data at risk. In fact, there have been more home router hacks documented by state-sponsored attack groups than any other time in history.

Loose access controls

According to Check Point Software Technologies’ “2022 Cloud Security Report”, more than one-fourth of information security professionals surveyed said their organizations experienced a security incident in the public cloud infrastructure within the past year. The leading cause? Security misconfigurations.

Outdated security patches

Once new updates to your software or operating system become available, malicious actors know exactly where the present vulnerabilities are. You’re exponentially more likely to experience a ransomware attack the longer they’re left unpatched, a costly and destabilizing experience that occurred more than 623.3 million times worldwide last year.

Shadow IT

Hardware, software, and cloud apps that aren’t expressly known and approved are known as ‘shadow IT’. 32% of employees admit to having communication or collaboration tools that fit into this category, the use of which increases your attack surface since they can’t be effectively monitored by your security team.

Password hygiene

80% of data breaches can be traced back to passwords. If you do nothing else, ensure employees agree to a password policy that requires them to use strong, unique passwords for any site they access on the company network. Two-factor authentication and password managers are highly recommended.

Insufficient training

As you’re planning your security content, beware of Fear Fatigue, a phenomenon reported by 80% of respondents. Security Mentor defines this as, “demotivation to follow recommended protective behaviors, emerging gradually over time and affected by a number of emotions, experiences, and perceptions.”

Once you know what you watch for, you can take action to better safeguard your distributed workforce. Focus on org-wide compliance, updated WFH tools, and comprehensive security solutions to help you monitor and head off impending cyber threats.