With recent events shifting the majority of the corporate workforce into a remote workforce there has been a sharp increase in security incidents as individuals handle sensitive data outside the monitored environment of the workplace. While most corporate digital workspaces are handled via a VPN or Citrix style digital desktop, working from home presents a different set of challenges that traditional IT security isn’t prepared for. In a normal corporate environment, workers use equipment provided by their employer through securely sourced and constantly monitored network hubs. Intrusions are easier to detect because the universe of devices is known, and outside contact is vetted in real-time with the ability to revoke it within moments if necessary. Individual workstations can be quarantined both physically and digitally, and a potentially infected piece of equipment can be swapped out by local IT personnel in a few hours.
Telecommuting removes those familiar parameters though. Now the device that accesses your work environment is an unknown variable, hosted through an unvetted and, likely, insecure piece of network hardware that’s vulnerable to spoofing, packet sniffing, and outright interception. A keystroke logger would have to penetrate multiple layers of security and searches to infect a device in an office, but at home, it only needs to make it past whatever local security software is present. Normally a device would be invasively scanned at all times by corporate security software, but most organizations aren’t deep scanning the devices that connect to their platforms for local malware. That same keystroke logging software has the ability to capture data and passwords without ever entering the protected environment. Compounding this, most employees rely on corporate protection when it comes to dealing with cyber threats. They’re used to getting a warning or having their device automatically stop a harmful action at work, and those features don’t translate well across the digital workspace. For their part, organizations have been slow to provide additional security or training to their employees. There are costs associated with doing so, and if they can transition there staff back to working in a corporate space then that cost may be viewed as wasted. However, a lesson that seems to have arisen from all of this is that a significant swathe of jobs can be performed from home without a noticeable loss of efficiency.