Are Your Assets Protected as Work from Home Employees Surge?

07

May 2020

By: Orhan Yildirim

Studies and real time tracking of incidents show that breaches will continue to skyrocket during this Work From Home (WFH) period, but in many cases, IT teams may not be aware of the adversaries for a year or more.

If you do not want to be a victim of a breach, you must adapt your security posture to a new norm.

While it was urgent to rapidly set up VPNs and other means to access critical business resources, there is no time like now to reflect on the significant risks associated with granting privileges to many more employees than usual, and enabling them to access resources over the Public Internet. With so many critical systems and valuable assets being made accessible from virtually anywhere, IT and OT teams, and the leadership and boards of companies are rightfully concerned.

According to Kate Lister, who has been analyzing remote work trends for more than a decade, this scenario, with employees forced to work from home, is a turning point for businesses in the U.S., where the evolution of telecommuting has been slower than in other countries and regions. 

Even with natural benefits (reduced real estate costs, more workforce flexibility, and more productivity in cases her firm, Global Workplace Analytics has studied, only 7% of U.S. firms offer telecommuting and just 3.6% of American workers (5 million employees) spend at least half their labor hours at home. Based on data published by the U.S. government, the growth of remote work in the U.S. has been growing steadily (around 10% growth each year), but the COVID-19 pandemic has added tens of millions, even hundreds of millions of workers to work from home offices.

Even the next generation of workers – and the generation after that, are learning to learn from home as schools have been closed, which means a growing number of people are getting comfortable with the idea of virtual meeting and working.

Wayne Kurtzman, research director for social, community and collaboration at research firm IDC, said global demand for collaboration tools will increase exponentially as a result of the outbreak given this new comfort level, which Kurtzman says will make longer term and even permanent adoption seamless.

Within days of the rush to remote working in early March, attacks on systems began, including through privileged credentials. Adversaries continue to take advantage of many vulnerabilities, as the attack surface expands dramatically. Most well known were the early “Zoombombings” where strangers sat in on private business conversations and conference calls (which Zoom immediately began to address).

Super user (privileged) credentials are the prime target of attackers and used in 80% of breaches, and it can be surprisingly easy, fast and affordable to secure those, by implementing solutions that make system credentials invisible to employees.

Ironsphere’s solution, which works with any network and application type, records every session in real time and provides automatic alerts and notifications immediately, when our intelligent software senses a threat.

By adding Privileged Access Management to the IT team’s toolkit, enterprises and organizations can set up, monitor and manage credentials across multiple cloud-based applications, ERP systems, databases and collaboration solutions, not only securing remote access, but automating the process for the ultimate enhancement in productivity and efficiency.

Ironsphere’s leading PAM solution makes it easy to set up, scale and afford comprehensive implementations, that dramatically reduce risk and help ensure even better business practices, as we move into the new normal, with all the benefits of supporting distributed workforces without potentially disastrous breaches.

We’d be honored to help you protect what you connect – simply contact us at info@ironsphere.com.  

Similar Blogs

Maintaining our Essential Secrecy During COVID-19

Operations security (OPSEC) is an approach and discipline built around identifying critical information to determine if there are ways for adversaries to access intelligence. It determines if the information obtained by those adversaries could be useful to them and how then executes selected measures that address the risks.

read more