With the rapid increase in the number of employees working from home as a result of the COVID-19 outbreak, the enterprise network has effectively become much larger, more dispersed, and more difficult to secure.
Attackers have taken note and are making efforts to use the crisis and the distractions it creates for potential targets to their advantage. Google reported detecting more than 18 million malware and phishing emails leveraging COVID-19 themes in just one day, and that was in addition to the 240 million other spam emails they recorded. That’s a lot of potential attacks for one day.
Being Prepared is Being Aware
What happens on the home network can easily bleed over to the enterprise, especially when best practices are not adhered to or applications are employed without understanding how they can impact security both inside the home and inside the corporate firewall.
Remote workers need to take the necessary steps to secure their home network, use applications responsibly, and lock down their devices – both for their own security and for that of the corporate systems they will likely be connecting to a good part of each day.
The Zero Trust Guide to Remote Worker Security white paper provides remote workers with tips on a wide range of security issues they should be aware of when working from the field, plus steps to take to mitigate the risks, with guidance on common attack vectors including:
Social Engineering: this can take many forms, ranging from malicious phishing emails and support scam phone calls to phony social media profiles and bogus notifications from seemingly trusted sources.
Application Vulnerability Exploits: vulnerabilities within applications present on a device can be exploited to gain remote access to it.
Malicious Apps and Excessive Permissions: malicious or vulnerable applications downloaded from unverified third-party websites, and even some that are present in legitimate app stores, can be leveraged by attackers to compromise a device.
Malicious and Compromised Websites: these kinds of attacks are often referred to as “drive-by” or “watering hole” attacks depending on the nature of the operation.
Attacks Via Wireless Interfaces: devices that have wireless interface capabilities can be attacked through cellular network connections, Wi-Fi, Bluetooth, or near-field communications (NFC).
Take a Page from the Zero Trust Playbook
The Zero Trust security model trusts nothing and no one by default. Under a Zero Trust security model, every user, device, and network are assumed to be hostile until they can be validated, and they are continuously validated to prevent a security lapse. Remote workers can apply the Zero Trust concept of assuming everything is a potential attack or avenue to compromise until they can verify that it is not.
The Zero Trust Guide to Remote Worker Security serves to act as a starting point for remote workers to take some simple steps to improve their security posture when working remotely – download this valuable resource today.
