Handling Setbacks in the Time of COVID-19

Most security experts, IT workers and leaders understand that the pandemic brought a decline in business and digital safety. A big part of that is the rush to get set up at home and establish remote work security. But why, exactly? It turns out that surprising factors degraded the security of the remote workforce.

Let’s start with the most obvious: remote work security. The pandemic ushered in a sudden and unplanned experiment with remote work at scale. First, employees stopped working in physically secure locations inside firewalls with approved devices and started working from home. It’s something of a cliche to say that remote work expands the attack surface. But the fallout of this is just now becoming clear. The change brought a lot of remote work security challenges.

Remote Work Security Factors: Poorly Vetted Tools

The rush to remote work demanded new tools, but employers didn’t have time to vet that tech for safety. As a result, apps and services are, on average, less secure than they used to be. Nearly three-quarters (74%) of 1,300 security leaders surveyed by Forrester Consulting say recent cyber attacks come from vulnerabilities in tech deployed during the pandemic. 

More Shadow IT

Employers literally leave their people to their own devices when working at home. Many employees are being creative about which devices they use for work, threatening remote home security. Remote employees connect over home networks that also serve smart thermostats, connected toys, home entertainment systems, gaming consoles and many random home Internet of Things (IoT) devices. These devices are likely to lack physical security and tend to be rarely or never updated. 

Lack of Visibility

 Making matters worse, organizations lack visibility into the home networks of remote staff. This, in turn, creates barriers to organizational cybersecurity.  

Increased Use of Cloud Services

Another huge problem, whose scale the security company Zscaler recently uncovered, is that large companies often have hundreds of cloud servers exposed to the public internet. By “exposed,” they mean that anyone can connect if they can find the services. Many…