Although technology giants such as Twitter and Facebook have announced that some of their employees will continue to work from home permanently, this is not really possible for many employees. More than 60 percent of companies plan to implement the hybrid workplace. In this working style, employees will work at home on some days of the week and in the office on some days. However, this situation related to security challenges in the hybrid workplace will also bring new cyber risks. ESET experts have looked at what to watch out for and why.
The challenges of protecting the hybrid workplace
Information security managers today are under immense pressure to protect customer data from theft and critical internal systems from service disruptions. Despite increasing security spending, security breaches continue to increase. With the increase in remote working and the emergence of the concept of the hybrid workplace today, threat actors are in an advantageous position. Elements that pose risks for organizations;
Distracted, home-based workers who are more likely to click on phishing links
Remote workers working from potentially unsecured personal laptops, mobile devices, networks and smart home devices
Vulnerable VPNs and other unpatched software on home systems
Weakly configured RDP endpoints that can be easily compromised by previous leaks or easy-to-crack passwords.
Cloud services with weak access controls (weak passwords and no multiple authentication)
Why Zero Trust Approach
In 2009 Forrester developed a new information security model. This model, called the Zero Trust Model, has been widely accepted and adopted since its inception. It was designed for a world where the old concept of trusting everything inside this safety net is no longer valid, using all available security resources. We live in such a world now, thanks to the spread of distributed work and the cloud. Contrary to this old understanding, the Zero Trust model is based on the philosophy of “never trust, always verify” to reduce the impact of leaks. There are three basic principles in practice.
All networks should be considered unreliable
This includes even home networks, public Wi-Fi networks (e.g. airports and coffee shops), and in-house corporate networks. Threat actors are determined to convince us that safe places exist.
If we cannot trust any network, therefore users are also unreliable. We cannot guarantee that an account has not been compromised or that a user is not a malicious internal threat. That’s why it’s important to give employees enough privileges to perform their jobs properly, then regularly review their access rights and remove privileges that are no longer employee-related.
Assume there is a leak
Every day we hear news about a new security leak. Being on constant alert, organizations must continue to develop their defenses with sound Zero Trust logic and remain vigilant. Leaks are inevitable, but their impact can be mitigated.