Businesses that have embraced a distributed workforce model benefit from many advantages. Empowering employees to work remotely boosts productivity, reduces turnover rates, and saves on overhead expenses.
However, facilitating a distributed workforce also means facing challenges not inherent in traditional work models. Cybersecurity is one of the most notable of those new challenges and one that poses considerable risks.
A recent report reveals that at least 20% of businesses have suffered data breaches caused by vulnerabilities introduced by remote work. Studies show that those breaches are more costly—$1 million more costly on average—and take nearly two months longer to identify and contain than breaches that occur with on-site workers.
Understanding the obstacles of endpoint security
The distributed workforce model creates infinite endpoints for a business’s digital infrastructure. Employees can connect from home offices and mobile offices using desktops, laptops, tablets, and phones and may use home or public networks to make those connections.
In this new digital environment, security professionals have far less visibility and control. Any number of new devices can be introduced via remote network connections without warning security teams. Ensuring remote workers comply with security protocols also becomes virtually impossible.
Distributed work models add new layers to cybersecurity. Installing security patches, for example, requires a new workflow. Security teams are now working with various devices with varying resource capabilities and may utilize different operating systems. Ensuring patches are installed quickly and correctly becomes a much more complex process with distributed teams than in traditional office settings.
Distributed models also generally have a much higher reliance on cloud computing, as data is stored in the cloud to make it more accessible, and work applications are sourced from the cloud. Each additional cloud resource presents its own security risks, increasing the breadth of knowledge security teams must have and the scope of vigilance they must provide.
The risk of social engineering attacks also increases as more employees connect remotely. Recent stats show cyber attackers have shifted their strategies to target remote workers, with 67 percent of attacks impacting business operations being leveled at off-site workers. One reason for the shift is remote workers depend more heavily on email and text messages, which are vulnerable to phishing attacks.
A remote employee working out of a coffee shop provides an excellent example of the many new security vulnerabilities distributed workplaces present. Stats show that 25% of remote workers prefer to work from coffee shops and restaurants rather than at home, though many remain unaware of the risks they assume in that setting.
A remote employee in a coffee shop could be using multiple personal digital devices to connect with the work network, including a laptop for accessing spreadsheets and a phone for accessing a customer relationship management app. The connection to the network is most likely through public WiFi, which is generally unsecured. In a public setting, the employee could also easily be the target of shoulder surfing, which involves a cyberattacker physically viewing an employee’s screen or keyboard to obtain information needed to gain unauthorized access to a network.
Deploying strategies for endpoint security
Endpoint detection and response (EDR) is an emerging trend in cybersecurity that effectively extends corporate security to distributed workforces. EDR essentially enhances the security team’s ability to monitor activity on remote devices. While it does not necessarily extend security measures or protocols to those devices, it allows teams to know when suspicious activity is occurring on the extended network so they can coordinate a response.
EDR involves installing software sensors on remote devices, including laptops and phones. These sensors track activity in a number of places, such as file systems and applications, with an eye for malicious behavior or intrusions. They provide real-time monitoring to detect:
- Execution of unknown programs
- Abnormal registry or system file changes
- Connections established with risky IP addresses
- Patterns of activity that may indicate malware
- Existence of lateral movement tools
EDR monitoring leverages artificial intelligence to analyze data gathered from across the network of remote users and detect threats. EDR consoles notify security teams when threats surface, allowing them to investigate and, when necessary, respond. The key strength of EDR is the power it gives security teams to see and respond to risks remotely and rapidly.
Ideally, EDR efforts will be combined with other security protocols to create a comprehensive cybersecurity strategy. Other initiatives can include least privilege policies, zero-trust policies, and requirements for multi-factor authentication on devices used for remote access.
Providing employee training can also strengthen a business’s cybersecurity framework. With a distributed workforce model, security will be most effective when all employees understand security risks and commit to reducing vulnerabilities and preventing breaches.
During the COVID-19 pandemic, many businesses were forced to adjust their work models to allow for remote work, but as the pandemic has waned, remote and hybrid work has become the norm. As a result, cybersecurity professionals must transition their strategies to provide the best protection for distributed workforce models.
Written by Yashin Manraj.
Yashin Manraj, CEO of Pvotal Technologies, has served as a computational chemist in academia, an engineer working on novel challenges at the nanoscale, and a thought leader building more secure systems at the world’s best engineering firms. His deep technical knowledge from product development, design, business insights, and coding provides a unique nexus to identify and solve gaps in the product pipeline. The Pvotal mission is to build sophisticated enterprises with no limits that are built for rapid change, seamless communication, top-notch security, and scalability to infinity.
