28-10-2021 | | By Robin Mitchell
Remote work has become an essential part of life due to COIVD-19 restrictions, but its implementation could become the next major security threat. What advantages does remote work have, what security threats could arise from improper implementation, and should remote work be continued?
The COVID-19 pandemic has had a significant effect on society at large, our attitudes towards social contact, our views on many political topics, and even our work life. The introduction of widespread lockdowns crippled many large and small businesses and saw many millions around the world either furloughed or unemployed.
However, many other jobs that would otherwise be done in the office were able to be done from home thanks to the many internet technologies that have been developed over the past decade. For example, high-speed broadband has allowed workers to host virtual meetings with clients from anywhere in the world. Messaging services have enabled conversations with entire departments while keeping a log of all that has been said. Cloud computing has allowed enterprise applications to be accessed by employees anywhere globally, and the low cost of modern hardware enables almost anyone to have a home office.
It is clear that modern technology has enabled remote work to be a possibility, but what advantages does remote work have? The first, and most obvious, is that there is no need for a commute which itself has many benefits. To start, the lack of a commute reduces travel costs to virtually nothing, which gives remote work a sizeable economic incentive. The lack of a commute also sees a reduction in CO2 emissions as transportation is no longer required, which is a big positive for the climate.
The second advantage to remote work is that employees do not need to be located near the office. This opens up many living options for those with financial obligations that would otherwise be difficult to meet near major cities. Thirdly, encouraging remote work also helps to drive tech industries that develop technologies needed for remote work, including internet service providers, cloud computing companies, and those that develop office hardware.
While remote work has proven itself to be a significant positive in the lives of many workers, there are rising concerns that remote work could become a new area of attack for hackers. By far, the biggest advantage to office working is that a business can employ security experts to create secure networks and access platforms that are easy to access internally but virtually impossible to access remotely. Furthermore, the use of enterprise-grade security platforms allows security chiefs to monitor policies across many hundreds of devices while simultaneously looking for malicious activity internal to their systems.
However, remote work requires outside access to sensitive company networks, applications, and files. Therefore, any office designed to enable remote working needs to allow external connections, but such connections can be made using VPNs and encryption methods that are extremely secure. If TLS can be trusted to pass personal data over the internet (such as pin numbers, credit card details, and passwords), TLS can also be used for remote working.
But, the challenge faced by remote working is not so much in the communication channel between the remote worker and the company infrastructure, but the fact that it is very difficult for security experts to ensure that the remote worker is taking proper precautions regarding security. Thus, company infrastructure can become vulnerable to attack from employees not having secure networks, using common passwords, insecure hardware, and even disposing of old hardware with stored sensitive data.
This problem is further made worse when considering that many homes are becoming increasingly integrated with IoT technologies. Such technologies have been shown to often contain security flaws that are easily exploited by hackers. These devices would therefore provide a potential entry point to company infrastructure via an internal home network.
There is no doubt that remote work has provided many workers with untold benefits from easier work lives to better utilisation of time. However, if remote working is to become the norm, then remote workers must take proper precautions to network and device security.
One method for achieving this may be to create an isolated home office network that only accepts authorised devices. These devices are directly connected to office infrastructure via a VPN. These devices could also be issued by security personnel from the employer and have security policies issued remotely. Privacy of home workers could be assured with the use of network and device segregation such that the home network is split into two distinct networks that cannot communicate with each other.
If not careful, remote work could similarly introduce security threats to the introduction of IoT. Now is the time for employers to act preemptively against future security threats, and employees should also start taking steps to ensure their security.