The spread of the COVID-19 coronavirus has forced companies around the world to send their employees home to work remotely. Unfortunately, this new work from home normal attracts a host of cybersecurity issues.
Many organizations are meeting these security challenges by implementing a zero trust security model. In the IT world, zero trust means that no individual or device is automatically trusted. This is the safest approach when dealing with large numbers of remote workers.
Importance of a Zero Trust Security Model
In the pre-zero trust world, individuals and devices located behind the company’s firewall were deemed safe. Companies focused their security efforts on attacks from the outside, not those from within.
The zero trust model operates on a different assumption: attacks can come from both outside and inside an organization’s network. No person, device, or particular access is assumed to be safe. Everything and everybody must be verified.
Zero trust provides more robust security for today’s reality where a significant number of attacks are initiated from within the organization. The Verizon Data Breach Report says that 34% of companies have been victims of attacks involving inside actors. These attacks can come from careless workers falling for phishing and other social engineering schemes, disgruntled employees, malicious insiders and spies, and third-party users with access to the company’s system.
The zero trust model deals with potential insider attacks by requiring strict verification for every individual and device attempting to access the organization’s network. Every access must be authorized, whether the individual is inside or outside the corporate network.
Security Threats from Work from Home Employees
All organizations would like to think that their employees are always security conscious when conducting company business. The reality is that employees don’t always think about network and data security and don’t always act responsibly.
This lack of attention to security is bad enough within the walls of the company, but it gets worse when employees are working from home. There are numerous ways remote workers can threaten the security of a company’s network, including:
- Nonsecure personal devices. Many individuals pay little attention to the security of their personal devices, including failing to install security patches and not enabling firewalls and malware protection. An unsecured device is easy for malicious actors to hack into in order to gain access to the company’s systems.
- Malware-infested personal computers. According to a Lippis Report white paper, 46% of employees working from home transfer files between work-issued and personal computers. Home computers are more likely to be infected with malware than work-issued devices, and that malware can be transferred to the company’s servers.
- Device theft. Mobile phones and laptop computers are tempting targets for real-world thieves. Anyone stealing a device used for work has access to all of the sensitive work data stored on the device – as well as credentials used to log into the company’s network.
- Man-in-the-middle attacks. Any employee connecting to the company network remotely is a target for hackers intercepting communications over less-than-secure wireless networks. This can happen over public Wi-Fi networks and private home networks, especially when wireless routers are not adequately secured.
Moreover, during this coronavirus crisis, many IT and security teams are also working remotely. This makes it more difficult for them to respond quickly and effectively to attacks or infiltrations.
Zero Trust and Remote Work
Given the increased numbers of employees working from home, it’s likely that attacks on and through remote workers will continue to increase. Cybercriminals are ready and willing to exploit the larger base of work from home targets, which puts corporate networks and data at an even higher level of risk than normal.
The best way to lessen the security risk from remote workers is to employ a zero trust security model. The goal is to verify each user and device attempting to access the system and allow only as much access as necessary to conduct specific business.
Before the coronavirus hit, only 27% of small- and medium-sized businesses had implemented or were implementing zero trust security. With so many employees now working from home, it’s imperative for businesses of all sizes to move quickly to a zero trust model.
The zero trust model assumes employees are not responsible for their security, putting the onus on the company’s IT organization. A typical zero trust system routes all network access, both internal and external, through a secure web-based gateway that employs multi-factor authentication. Ideally, this gateway should perform security checks on individual devices, including verifying that all devices and operating systems have the latest patches installed.
The zero trust model is also adaptable to the different types of devices and operating systems used by employees at home. Cisco found that employees, on average, use 2.5 devices for their work. It’s difficult to design static security systems to work with so many often unrecognized devices. The zero trust model enables security to be independent of hardware and software technology.
Choose AWS Wickr for Zero Trust Communications
AWS Wickr is the most secure enterprise communications product available today that employs the zero trust model. Wickr’s secure collaboration platform uses end-to-end encryption to ensure that data and communications cannot be breached. It is the most secure solution for remote workers, with secure voice and video calling, secure screen sharing, secure file transfers, and more.