From May 2020 to April 2021, global cybercrime spiked by 600%. How can distributed workforces and workers protect themselves from common security risks?
In Q4 of 2019, full time remote workers accounted for just under 6% of the American workforce. In less than three years, the global industry-wide shift to remote work that originated during the Covid-19 pandemic has put permanent full time remote positions on track to constitute 28% of the total workforce — an increase of 466% — by 2025.
Despite its origins in makeshift adaptation, the distributed workforce appears to be here to stay. Going forward, company infosec standards and practices, from small businesses to global enterprises, will need built-in measures to mitigate the security risks inherent in remote and largely cloud-based business operations.
In May 2020, the U.S. Bureau of Labor Statistics estimated that 48.7 million Americans — 35% of the total workforce — were working from home. This figure comports with same year research concluding that at least 29% of U.S. jobs could transition to remote work without affecting the bottom line. Nevertheless, enacting this sweeping structural transformation in just a few months and without advance planning introduced a host of data security vulnerabilities that few organizations had either the technical depth or capacity to handle.
By April 2021, less than a year later, global cybercrime rates had spiked over 600%. As companies moved workloads to cloud service providers to reconnect their scattered workforces, they brought online millions of new remote access points for sensitive data, exponentially expanding network attack surfaces. Rushed cloud adoption coupled with the intrinsic complexity of custom cloud environment configurations compounded security challenges for businesses at all scales. During the pandemic and to date, cloud misconfigurations and oversights have enabled 80% of reported data breaches.
Organizations looking to adapt their infosec and cybersecurity practices to meet the challenges of a permanently distributed workforce should begin in three critical focus areas.
Mobile devices such as laptops, smart phones, and tablets have become a universal component of remote work operations. While cybersecurity development remains largely focused on Windows-based enterprise applications, malware development has shifted to target newly networked mobile devices accessing Linux-based cloud services.
In 2020, 97% of organizations experienced attacks based in mobile applications, 93% of which originated in network devices. So long as malware detection capabilities for mobile device applications lag behind the curve of new intrusion techniques, endpoint MDM standards will need to reinforce access credentials with additional layers of threat mitigation such as multi-factor authentication, device tracking, and restrictions on downloads for devices with remote access privileges.
Employee offboarding processes represent serious data security risks. More than half of IT professionals privately report retaining access to a previous employer’s data and most would use sensitive information for personal gain if they believed their employers had wrongfully terminated them.
Thoroughly deprovisioning former employee accounts and devices is a multistep process. To start, organizations need to maintain unique user credentials to tie all session activities to a specific employee. In addition to recollecting all company-issued devices from departing employees and deactivating their account credentials, companies can further mitigate offboarding risks by limiting access to sensitive data prior to known departure dates and auditing last 90-day user activity when employees leave unexpectedly.
Most remote workers still need to collaborate with other employees and — unless directed otherwise — will share and store files via insecure methods. Whatever sophisticated protections an organization has for their own servers and internal communication platforms become irrelevant once employees pass files into personal channels such as private email or public cloud storage services.
File sharing via private email is only as secure as the user’s chosen credentials, which are typically minimal. Even when users maintain randomized passwords and have sufficient training to avoid most common phishing attacks, their accounts may still fall victim to more technically savvy attacks such as HTML injection and misconfiguration exploits.
Storing sensitive data in public cloud services opens organizations up to similar risks. As much as 40% of multi-tenant public cloud data is unmanaged, leaving service providers unable to trace malicious insider activity in their own systems.
While no security systems and protocols can entirely eliminate the risk of data breaches through human activity, two advance measures in particular will significantly reduce the occurrence of such incidents.
FileInvite’s document collection platform enables remote workers and clients to upload and access documents via encrypted client portals. For organizations that handle sensitive data and/or personally identifiable information across a distributed workforce, the security of a single SOC 2 Type 2 compliant file sharing platform is critical to long-term data stewardship.
To learn more and request a demo, visit FileInvite today.
You moved to an online file storage system. But now, constant news of hackers stealing data from major corporations is making you nervous... We can...
Discover the power of loan automation in commercial lending. Streamline processes, reduce manual workload and enhance customer experience for success...
Distributed workers can work smarter by using paperless onboarding systems and other workflow automation tools that improve efficiencies across...