Since COVID-19 forced global workforces to go remote, the number of cybercrimes reported to the FBIs Internet Crime Complaint Center (IC3) has spiked from 1,000 a day before the pandemic to as many as 4,000 a day in the last four months.
This begs the question, what fundamental change has occurred, which might explain this alarming trend, and what can be done? Ultimately, it is a lack of preparedness to support a swift shift to an all-remote workforce. In talking to companies around the globe, there is one area that I believe justifies consideration to successfully ward off the increased attacks.
Companies and their IT staff must look beyond their perimeter network security and device security.
Why?
Because effectively, every company’s attack vector has incrementally increased overnight for every employee they staff that is now working from home.
There is no doubt, more companies will likely follow the permanent hybrid remote work path that others like Google and Facebook are taking. To do so successfully, it will be critical that all IT departments have an ongoing, proactive mindset as to where endpoints live and how they secure them.
As companies begin to strategize how their employee office structure will look over the next several months – be it phasing in a portion of the workforce into the office or considering a fully remote workforce - top of mind will be the organization’s security posture and that IT teams can support the needs of employees and the business in a capacity that ensures a smooth, secure transition.
Here’s a look at the current security environment and strategies that IT teams should incorporate to protect endpoints in today’s evolving workforce.
The current security landscape and mounting challenges with endpoints
IT teams were in a scramble to ensure security perimeters were in place during the mass exodus from the office, ultimately leaving gaps for attackers. Now, as states begin to reopen and companies evaluate how and when to begin transitioning a portion of employees back into an office setting, IT must look closely at the type of devices they purchase moving forward, how they secure those devices and how employee access resources to determine how to best support their workforce whether in the office or working from home.
For example, many companies faced a supply chain issue with getting devices to their users, not to mention being forced to purchase non-business class hardware to mobile device demand. This equated to drastic reductions initially in employee productivity as well as the deployment of devices that were not configured according to their company's security standards.
Perhaps now is an excellent time to consider each employee's job scope and challenge the status quo. Consider introducing Chromebooks as a standard for specific job types in parallel with an agnostic management strategy capable of supporting traditional and non-traditional devices, allowing workplace flexibility at a much lower cost per employee while maintaining security compliance.
Strategies to protect endpoints with the new hybrid workforce
While one of the biggest priorities IT teams have is to keep their organization secure against cybersecurity attacks, doing so is anything but easy when navigating a new hybrid work environment. To overcome the challenges that having endpoints in and outside of the office poses, there are a number of strategies that IT should follow.
- Implement a Unified Endpoint Management strategy that doesn’t rely on domain connectivity
- Ensure devices stay compliant by regularly patching both the Operating System and Application
- Implement a Least Privilege Management strategy that empower users with the rights need to successfully accomplish their jobs without creating an attack vector
Looking ahead: More endpoints everywhere
As we see companies move toward a hybrid workforce structure – employees split time working in-office and remote - it will be imperative that organizations have a flexible, secure and distributed environment that keeps everyone connected. Companies will need to reassess certain processes to keep IT from burning out, so they can efficiently manage systems and software installations no matter where they are while keeping their security posture in mind.
Having the right strategies in place for IT to enable employees to work in a secure manner regardless of location will be key as companies enter into the new normal of work. Organizations should take the time now to figure out how they plan to do this, otherwise, they’ll be left having to scramble again, finding themselves unprepared.