Remote workers prime targets for cyber attacks

According to a study by OneLogin about the future of work, more than half of CIOs expect a rise in employees working remotely, while 97% say that soon their workforce will be widely dispersed across geographies and time zones. Businesses are being forced to adapt to the rising demand for a dynamic working environment, which can manifest as anything from workers bringing their own devices to work to employees using corporate machines at home as part of a flexible work schedule. However, this increases the security burden through the need for better identity management.

About the author

Stuart Sharp, VP of solution engineering at OneLogin.

Millennials, the Flexible Generation

This rising demand for flexible working environments seems to be spearheaded by the digital native generation. As Millennial and Generation Z workers come of age in the workplace, they will begin dictating corporate norms. Indeed, 93% of CIOs believe that the pace of business evolution will accelerate by 2025, correlating with a maturing workforce. 

Studies have shown that digital native workers are significantly less willing to accept substandard technological solutions. According to an annual public survey by FlexJobs, 69% of professionals cited flexibility in the workplace as a critical issue when evaluating potential employers. Clearly, it is essential that corporations keep up to date with technological trends in order to satisfy their workforce and reduce the ever-increasing skills gap.

Raising the Bar for Password Security

The question remains, however, where do organisations draw the line in supporting flexible work practices? With the increase in remote working, companies depend less on secure corporate networks and more on the simple password to protect company assets. As nearly 80% of security breaches involve the abuse and misuse of privileged credentials, one of the biggest threats to corporate security is employee passwords. This is no surprise considering the sheer volume of passwords that personnel have to remember. 

The average enterprise uses 2,500 unique applications, making identity management a nightmare for most IT teams. It is not uncommon for a single employee to have anywhere between 20 and 200 passwords to remember when accessing these accounts, which results in frequent password reuse. Password reuse could have dire consequences as organisations transition into a hybrid state where their software catalog is split between in-house applications hosted on-premises and cloud-based SaaS applications.

Identity assurance and data integrity are crucial to adhering to internal security policies, meeting external compliance regulations, and preventing headline-producing and career-altering security breaches. However, accessing business applications that contain sensitive corporate data from unsecured and unmoderated devices provides a range of opportunities for hackers to access data.

Developing Mature Flexibility

The modern workplace has witnessed the rise of trends such as bring your own device (BYOD), which means that employees are increasingly using their own phones, laptops, and tablets rather than company-issued devices. The line between the personal and professional is further blurred by employees adding consumer SaaS applications, such as Evernote for organizing tasks, on corporate devices.

Understandably, third-party applications installed on personal devices and connected to a corporate network open a can of worms when discussing the topic of identity access management. For example, if a personal device with the login credentials to corporate sites is stolen, it would be catastrophic, not just to the victim but also to business operations.

While flexible working conditions can increase efficiency and employee morale, they also present several risks. Think, for example, of the caricatured worker fervently typing at a Starbucks, or the commuter replying to emails on the train. Both employees pose a potential threat to corporate identity management departments because public Wi-Fi networks are simple to sabotage, and sensitive information is easily lost when employees lack the appropriate security training. 

This risk is accentuated when users rely on personal devices that lack corporate cybersecurity measures. If we want to continue the trajectory of flexible working, it is essential to ensure that every worker is logging on to company networks safely and securely using a mobile device management solution.

Suggested Security Steps

When considering extra security procedures, there are two forms of identity and access management (IAM) that enterprises can implement to secure themselves: Single Sign-On (SSO) and Multi-Factor Authentication (MFA). Implementing these critical procedures provides an extra layer of security that prohibits access to critical applications without additional authentication checks.

With SSO, the user’s access to an application or website relies on a trusted third party to verify that individuals are who they say they are. This method not only makes sign-in easier but also keeps it more secure. Moreover, MFA can employ biometric security procedures that require extra credentials such as voice recognition, facial scanners or fingerprint checks. This not only provides an additional layer of defence, but also verifies which user is logged in and making changes to critical applications, which simplifies compliance with regulations like GDPR.

Appreciating the Application of Applications

As the reliance on cloud services and cloud-based applications increases and the acceptance of remote working evolves, attackers will begin looking for new vectors to exploit. In order to combat the needless loss of sensitive data, organisations must implement endpoint security strategies that both enable an increasing number of people to work remotely and ensure they are doing so securely.

With younger generations entering the workforce every year, expectations of flexible work practices will continue to increase. The more apathetic organisations are towards evolving work cultures and the associated security concerns, the more likely it is that attackers are going to breach the limited safeguards put in place and compromise sensitive company information. 

Aside from implementing SSO and MFA, it is essential that organisations remain several steps ahead of would-be cybercriminals by employing sufficient safeguards. Companies must ensure they instill good cybersecurity awareness into all their employees, particularly those working remotely. Only by prioritizing security safeguarding and removing archaic and easily breached methods of authentication can security best practice be upheld for all workers, regardless of where in the world they are.

Stuart Sharp is the VP of solution engineering at OneLogin. He leads OneLogin’s global Solution Engineering team to help companies accelerate digital transformation by providing a modern, centralized Unified Access Management platform for on-prem and cloud applications.