We have heard it said all too often: people are the weakest link in the security chain, but this kind of admonition is oversimplifying a complicated matter. Safe technology use is not as easy as it would seem when we are up against sophisticated adversaries who prey on vulnerabilities in human nature.
Take ecommerce for example. While it was somewhat novel a decade or more ago, today it is ubiquitous and a major economic driver. Thus, users have gotten used to doing a quick search for a needed item, browsing a few sites, then making a purchase with a few clicks. What could go wrong? Well, they might very well be doing it on the same device they use to access the company network.
In one study, more than 52 percent of employees surveyed said they engage in online shopping from their work computer, and 34 percent who said they shop online on their work devices admitted that they felt ecommerce sites were secure even when they did not have a clear indication they actually were.
What happens on the home network can easily bleed over to the enterprise, especially when best practices are not adhered to or applications are employed without understanding how they can impact security both inside the home and inside the corporate firewall.
Remote workers need to take the necessary steps to secure their home network, use applications responsibly, and lock down their devices – both for their own security and for that of the corporate systems they will likely be connecting to a good part of each day.
The Zero Trust Guide to Remote Worker Security brochure provides remote workers with tips on a wide range of security issues they should be aware of when working from the field, steps to take to mitigate the risks, with guidance about improving web security including:
Risky Browsing Behavior: This requires having an awareness of the types of websites that are most often abused in attacks and simply avoiding them when at all possible.
Disabling All Auto-Downloads: Users can disable auto-downloads of all media files, such as images, audio, video, and document files, in applications and browsers.
Checking Shortened URLs and Documents: Shortened URLs, which are particularly popular on social media sites like Twitter that have character limits, present a potential problem for users.
SSL/HTTPS and Website Security: When visiting any website, especially where sensitive information is exchanged, users should make sure the connection is encrypted.
Take a Page from the Zero Trust Playbook
The Zero Trust security model trusts nothing and no one by default. Under a Zero Trust security model, every user, device, and network are assumed to be hostile until they can be validated, and they are continuously validated to prevent a security lapse. Remote workers can apply the Zero Trust concept of assuming everything is a potential attack or avenue to compromise until they can verify that it is not.
The Zero Trust Guide to Remote Worker Security serves to act as a starting point for remote workers to take some simple steps to improve their security posture when working remotely – download this valuable resource today.
