Earlier this year I wrote about the cybersecurity challenges involved if working remotely becomes a mainstay of working life in the post-Covid era. It’s a challenge that is reiterated in Verizon’s Mobile Security Index report, which reveals the rise in cyberattacks involving mobile devices in the past year.
“For businesses–regardless of industry, size, or location on a map–downtime is money lost. Compromised data is trust lost, and those moments, although not insurmountable, are tough to rebound from,” said Sampath Sowmyanarayan, CEO, Verizon Business. “Companies need to dedicate time and budget on their security architecture, especially when it comes to off-premise devices: otherwise they are leaving themselves vulnerable to cyber-threat actors.”
A growing challenge
The rise in remote working has presented a fresh challenge, with 79% of security teams reporting that the change in work patterns has made their job harder. While it may seem intuitive that this growing threat should prompt teams to tighten up their security, the opposite seems to be the case, with 85% saying that there is no policy against using home WiFi networks. Indeed, 68% say they have no policies against the use of public WiFi networks.
What’s more, a significant proportion of security teams report having had to sacrifice mobile-device security in order to ensure continuity. Where organizations do appear to be tightening up, however, is in the freedom of employees to use their own devices. It still remains high, however, with 70% of companies with a bring your own device policy saying they’d introduced it since the lockdown.
“Securing BYOD devices can be considerably more difficult than securing company-owned ones with a mobile device management (MDM) solution in place,” the authors explain. “Rigorous policies and thorough enforcement will be required.”
To ensure security, it’s vital that workers are encouraged to follow the relevant security policies around their devices. This should extend to the use of things like WhatsApp and Telegram for conducting official business. This is especially important as these messaging apps make it harder for security teams to protect employees from phishing attacks.
“This underlines the importance of making sure that security measures aren’t too intrusive and that users understand why they are in place,” the authors explain. “The more draconian and arbitrary security measures seem, the more likely users are to try and find ways around them.”
Making remote work secure
In order to ensure remote workers are operating securely, the authors make a number of recommendations, including:
- Develop a detailed BYOD policy that clearly lists responsibilities in plain language
- Educate users on the importance of managing the permissions granted to apps
- Consider restricting what resources devices not controlled by the company can access
- Educate users on the dangers of malware and how to reduce the risks
- Consider introducing endpoint detection and response (EDR); this uses behavioral-based analysis to provide threat protection and can provide valuable insight
- Give users an authorized—and easy-to-use—means to share files outside the company
- Make sure that your team has the training—or the third-party support—to handle a greater device variety
- Develop a clear policy, in consultation with your legal team, that covers the tricky issues around performing digital forensics on an employee-owned device
As we’re beginning to better understand how work will look in the post-Covid era, we’re better placed to understand how to make it not only effective but also safe and secure. The guidelines in the report provide a good start point to help ensure that happens.