Concepts like “remote work” and home office have many advantages. But there is also a downside: somewhat higher security risks from cyber attacks. You can, however, reduce this risk to a minimum.
On July 1, 2021, many bosses will have breathed a sigh of relief, especially those who like to gather their employees around them in the company office, because on this day the home office obligation ended.
But there will be no going back to familiar working models. The market research company Gartner expects that in 2022 the percentage of “remote workers” in Germany will be around 37 percent.
Network systems in the crosshairs of security risks
That is a good thing. It has been proven that employees are more productive and motivated when they have the opportunity to work from home. Security experts, on the other hand, see it differently. This is confirmed by a 2021 study by IDC Germany on the subject of “Work Transformation”. According to the study, security and data protection are among the greatest hurdles in the transformation of work models in the direction of remote work.
This is understandable, because a company has to open its network so that employees can access it from home or on the go. Remote access can be secured, for example with the help of:
- VPN connections (Virtual Private Network)
- Load balancing systems
But it is precisely such security solutions that are increasingly being attacked by criminals.
One “weapon” is the Distributed Denial of Service (DDoS) attack. According to Netscout’s Threat Intelligence Report, the number of such attacks rose by over 140 percent in Germany in the second half of 2020. With DDoS, gateways and firewalls are overloaded by manipulated requests.
Employee devices are being misused
Another risk is posed by the network systems and devices used by remote employees. If a DSL / WLAN router is configured incorrectly, attackers have an easy time. The same applies if employees use private notebooks on which outdated security software is installed and on which operating system updates are only rarely installed.
“Rethinking” IT security
Remote work therefore means “rethinking” the IT security concept. The following steps are particularly helpful:
1. Perform a re-assessment
First, you should do a strategic re-assessment. All IT security solutions and remote access approaches are put to the test, including the policies that regulate employee access to data and applications. They should be reassessed against the background of “remote work”. This assessment provides answers to questions such as:
- “Are our VPN capacities sufficient?”
- “What solutions can we use to prevent DDoS attacks?”
2. Introduce network monitoring
All data packets that are exchanged between IT systems should be analyzed, for example between a PC in the home office and a server in the company data center. Only monitoring provides information on whether “strange things” are happening in the network, for example when a malware-infected computer in the home office tries to transfer business data to an unknown IT system abroad. Such monitoring solutions are also available as a cloud service. The costs are therefore limited.
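The kind of check described above can be sketched over flow records, as an added example that is not part of the original article. The VPN address pool, the list of known networks, the 50 MiB threshold and the flow records are all constructed assumptions, and “unknown” here means “not on the allowlist” rather than a geolocation lookup.

```python
"""Flag home-office (VPN) clients that send large volumes to unknown destinations."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example (not taken from the article):
VPN_POOL = ip_network("10.8.0.0/24")       # addresses handed out to remote workers
KNOWN_NETWORKS = [                          # data center and approved external services
    ip_network("10.0.0.0/16"),
    ip_network("198.51.100.0/24"),
]
THRESHOLD_BYTES = 50 * 1024 * 1024          # alert above 50 MiB per client/destination pair

# Constructed flow records: (source IP, destination IP, bytes sent by the source)
SAMPLE_FLOWS = [
    ("10.8.0.11", "10.0.5.20", 900_000_000),     # large, but to a company server
    ("10.8.0.12", "203.0.113.77", 30_000_000),   # unknown destination, first chunk
    ("10.8.0.12", "203.0.113.77", 40_000_000),   # same pair, second chunk
    ("10.8.0.13", "203.0.113.9", 2_000_000),     # unknown destination, small volume
    ("192.0.2.50", "203.0.113.77", 80_000_000),  # not a VPN client, out of scope
]


def is_known(dst):
    """True if the destination lies in one of the allowlisted networks."""
    return any(dst in net for net in KNOWN_NETWORKS)


def find_suspicious_transfers(flows, threshold=THRESHOLD_BYTES):
    """Sum bytes per (VPN client, unknown destination) and return pairs over threshold.

    Summing matters: a transfer split into several flows that each stay
    below the threshold is still caught once the total exceeds it.
    """
    totals = defaultdict(int)
    for src, dst, sent in flows:
        if ip_address(src) not in VPN_POOL or is_known(ip_address(dst)):
            continue
        totals[(src, dst)] += sent
    return sorted(
        (src, dst, total) for (src, dst), total in totals.items() if total > threshold
    )


if __name__ == "__main__":
    for src, dst, total in find_suspicious_transfers(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}: {total / 2**20:.1f} MiB to unknown destination")
```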
3. Reorganize the DDoS defense
You should not only keep an eye on the remote workers, but also protect the network from DDoS attacks. If such an attack paralyzes security gateways and firewalls, access to the network is blocked. In this case, too, you can fall back on cloud-based DDoS defense services from IT security companies. Such services will also cope with large-scale attacks.
You can also use appliances that are placed at the edge of the network between the firewall and the Internet router.
4. Optimize the security of end devices and remote access
Ideally, employees receive their own notebooks and tablets that are managed by the IT department, equipped with security software and updated.
Measures such as multi-factor authentication are also helpful. They reduce the risk of an attacker sneaking into the company network with stolen access data.
5. Train the employees
Technical solutions are only half the battle. Employees also have to follow rules when working from home. This means, for example, not using private end devices and not “abusing” VPN connections to play an online game during a break.
Training should also take other factors into account, such as locking away confidential work documents in the home office.
Conclusion: lowering security risks is possible!
Remote work does not only mean a change for the cooperation of employees and bosses. IT security specialists are also required to develop new processes and adapt IT security solutions. The good news, however, is that these challenges can be overcome with a manageable amount of effort. And future-oriented companies shouldn’t shy away from this effort.