Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Matthew Gyde
Matthew Gyde
Connect Directly
E-Mail vvv

Keep Employees Secure, Wherever They Are

As workers grow more dispersed, organizations need to focus on three areas to maintain security.

Nearly 80% of professionals work remotely at least one day a week, and 1.55 billion others are expected to work outside the boundaries of the corporate office by 2020, according to Frost & Sullivan research. This shift to a mobile workforce is causing technology disruption because remote workers require different solutions and infrastructure, which can increase vulnerabilities. 

The security challenges aren't only the result of more employees working outside of the corporate office, but also the number of devices used by each individual. The same Frost & Sullivan report forecasts that more than 80 billion connected devices will be in use globally by 2025 — a staggering figure! Work has shifted from a place people go to daily to something people do, and as such, businesses need to be flexible, but not so flexible that their data and devices become security risks.

Cyberattacks have shifted as well, becoming less detectable by exploiting encryption and commonly used files. Malicious traffic is sent through encrypted HTTPS protocols, and malware increasingly uses transport layer security. Offices that don't upgrade their security tools and perform deep packet inspection on corporate Internet traffic will become a handy target for stealthy attacks. New attack methods are becoming progressively more common — such as pharming, in which links redirect users to fraudulent sites; vishing, the collection of personal information during a call; and smishing, where users receive texts with fraudulent links.

3 Areas to Focus Security Efforts
To properly secure the distributed workforce, it's best to focus on multiple areas. This allows organizations to place requirements around devices, applications, and network.

1. Devices are more than just laptops. Keeping employees efficient means the use of multiple devices — up to four tools each day, including cellphones, laptops, and wearables. And the rise of wearables opens a new enterprise security frontier. IT must secure these newer devices, especially because analysts predict that smart glasses and smart watches will see a high rate of enterprise adoption in the coming years. For these newer gadgets, IT can look to dynamic technologies, such as biometrics and GPS, and the type of information being accessed to authenticate the user rather than relying on static passwords.

Additionally, "bring your own device" (BYOD) policies continue to be a problem when it comes to data leaks. A well-designed BYOD plan that includes wireless LAN controllers and access points, a lightweight security mobility client, and robust identity services will help minimize device risks. Today's lightweight agile identity technologies use sophisticated cryptographic algorithms to locate security threats. As these solutions evolve to include geolocation and geosensing programs, identity management will become an important part of the security framework.

2. Newer generations demand flexibility. Generation X and millennial employees grew up with mobility solutions such as broadband, Wi-Fi, laptops, social media, and smartphones. They expect instant access to information from anywhere. The result is a new corporate structure rooted in flexibility and a dispersed workforce that demands collaboration software solutions and secure network connections.

The problem arises as remote access across unsecured wireless or LTE networks opens companies up to man-in-the-middle attacks, malicious apps, corporate espionage, and more. Even traditional applications such as Word and PDF documents create havoc when malicious codes are scripted into these files and then downloaded by unsuspecting users, ultimately launching a ransomware virus.

Cloud-based applications provide flexibility for mobile workers but also create issues because cyberattackers can hack in to steal user credentials, intercept data in transmission to the cloud, or access unencrypted files. An ideal way to protect against these threats is to extend security to the DNS through a cloud-delivered network security service. Predictive cybersecurity intelligence with live graphs of global DNS requests, along with other relevant information, can protect enterprises from attacks and assist in predicting future threats. This type of protection should also cover any off-VPN device and block the additional threat of malware, phishing, and other cyberthreats. Implementing cybersecurity operation centers for real-time monitoring of threats and security solutions can be useful, especially for remote workers.

3. Social media security education needed. LinkedIn, Twitter, Facebook, and other social media sites are very popular, especially among younger employees. And these platforms are also popular among cyberattackers. All employees need to be educated regarding personal information, such as birthdates, email addresses, and company names, that should and shouldn't be divulged online. Cyberattackers troll these sites to collect data and create targeted phishing attacks or use it to stalk or bully victims.

The best line of defense against cyberattacks for the mobile workforce is to take a more predictive stance. For instance, enterprises can create a "red team" — a group that challenges organizations to become more effective — to proactively hunt cyberthreats, improve security strategy, and train analysts with regular cyberdrills. And when was the last time your company ran a vulnerability assessment on its larger network and VPN,or a penetration test across its cloud solutions? Both evaluations can be used to identify critical gaps in the IT and operational technology environments. Finally, educating the mobile workforce about the dangers of unsecured wireless networks, social media hacking, and device usage will be the best line of defense for all companies.

Related Content:

Matthew Gyde is a group executive for the security business unit at Dimension Data, an ICT solutions and services provider. He joined Dimension Data in 2005, having been in the security industry for the previous 10 years in various roles across clients and service providers. ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/4/2017 | 9:22:41 AM
Pitfalls of Working Remotely
I believe that the number of people who work remotely is growing rapidly, and employers should pay more attention to the security of these colleagues. While it's hard to track someone's private computers, companies should know that their secret info won't be revealed for sure. Thus, there are some pitfalls for companies that should be overcome
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
PUBLISHED: 2020-05-25
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
PUBLISHED: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.