As Covid-19 spread across the world as a pandemic in 2020 and 2021, the job market took a huge hit and unemployment numbers surged to new highs. Statistics show that “The unemployment rate peaked at an unprecedented level, not seen since data collection started in 1948, in April 2020 (14.8%) before declining to a still-elevated level in December (6.7%)” (CRS 2021). This was a result of health professionals' guidelines that suggested social distancing and advised businesses to have their employees work from home. For many businesses, having employees work remotely was a sudden change to business operations. Companies scrambled to come up with a solution for implementing remote work, and this responsibility fell onto information technology departments across the world. IT professionals faced the challenge of implementing new policies and software to allow all employees to work remotely while still being efficient. The two-week time span starting in the middle of March 2020 was a nightmare for many IT workers. Here is a chart showing the sudden increase in remote work for U.S. citizens as the need called for it.
As shown above, the percentage of U.S. citizens working remotely doubled in a short amount of time. While IT workers were able to adapt quickly to their business needs, two weeks is a grossly short amount of time to implement any new policy or software. As a result, IT professionals were likely made to initially ignore some cybersecurity concerns in favor of getting their newly changed systems working. Consequently, costs may pile up as a result of employees not being properly trained on the dangers of working remotely. This paper dives into the relationship between remote work and cybersecurity, potential pitfalls to cybersecurity in remote work, methods that cybersecurity should use for remote work, and VPN split tunneling.
Within cybersecurity, implementing remote work policies has become a priority in the past year. This is because attackers see the opportunity to take advantage of the threats that come with working remotely. 2020 was a big challenge for cybersecurity with remote work, and that will continue to be so for the foreseeable future. When talking about the percentage of breaches, “Last year we saw a significant increase in cyber threats, from phishing attempts skyrocketing, the use of COVID-19 and the election as phishing lures, a whopping 128% increase in malware activity in Q3 2020 and botnet traffic increasing by 29% in Q2 2020” (Ayers 2021). This trend of breaches only reinforces the idea that remote workers, and the systems put in place to support them, will continue to be targeted by attackers. This means that cybersecurity specialists will have to commit to training unaware workers on the potential dangers of social engineering. As of late, the common trend for attackers has been to prey on the fears of remote workers in these uncertain times. An example of this could be an attacker calling or emailing victims under the pretense that they represent a health organization like the CDC. Attackers will target workers' home phones, cellphones, text messages, email, and other means of communication to try to compromise a company's infrastructure. Now is the time for all employees, and especially cybersecurity specialists, to adapt and be ready for the new dangers coming in the new year with the sudden change in work scenery.
With remote work, a whole new set of issues is created, along with old threats being reused by attackers. For example, the last section brought up phishing and social engineering as potential ways hackers will attack. These attack methods are not new, but they probably feel new because of the timing attackers chose for them. Some of the newer issues being discovered as time goes on include home network security, and specifically the lack of it. Workers are trying to work remotely on home networks whose configurations are less than optimal. Also, employees may take their device to a public location and connect to an unsecured public network that has no way to protect data from being monitored by a malicious threat actor. Another pitfall is personal and business data mixing on an employee’s home machine. Cybersecurity specialists will have a hard time ensuring that all machines used for business stay updated, since the machines will not be available locally. Another major pitfall for remote work is teaching employees the dangers that become apparent when working remotely versus when they are working locally. For example, the network security in an office is likely to be much stronger than that of a home network and will stop considerably more malicious attempts at sensitive data. These are not all the potential dangers to cybersecurity in remote work, but IT workers need to understand what some of the common pitfalls can look like.
For cybersecurity specialists to efficiently safeguard their company’s data, they have to make their coworkers aware of the dangers of working remotely. One thing that IT workers do is require all at-home workers to configure their home network devices the same way, meaning that instructions and guidelines for appropriate settings when working remotely should be established as soon as possible. This can include settings on WPA, rules for IoT devices on the same network, and changing the router and firewall settings from the default settings. Another good practice for working remotely safely is ensuring that the company machine being used is locked up properly when not in use. This means that employees would not be permitted to leave their company device logged in while unattended or to leave passwords written down beside the machine. Another option for IT security teams to consider is to dedicate someone to monitor their network for alerts. If this is too much of a burden to the team, they should consider outsourcing to a third-party vendor to fill in the gaps for support. IT security teams should look for updates on all of their equipment monthly and require remote workers to do the same, to lessen the probability of being taken advantage of through a vulnerability. IT security needs to make sure that every incident, whether big or small, is documented to create a timeline of incidents. IT security teams must make sure that any “Remote Administration” or “Administration from WAN/Internet” setting is disabled so that the management UI cannot be used through the internet for any remote worker’s machine. Lastly, as specified in earlier paragraphs, cybersecurity for remote workers starts and ends with their awareness of the potential dangers. IT teams need to dedicate themselves to training employees on the threats and dangers they will likely face when working remotely.
Between 2015 and 2016, the role of human error in cybersecurity was made apparent, as “50% of the worst breaches in the last year were caused by inadvertent human error, rising from 31% the previous year” (Evans 2016). IT workers can deploy some of the most impressive policy and security tactics to protect their data but can still easily lose data due to an ill-prepared employee working remotely.
The use of VPNs should be an absolute must when considering remote work. VPNs give organizations a controlled and secure pathway for sending and receiving data. They also allow remote connections to be used when troubleshooting company PCs. An interesting topic within the world of VPNs is whether split tunneling should be used. VPN split tunneling is the concept of using a VPN in an environment but controlling which devices and connections use the private connection. In other words, users would be able to use the VPN connection by default but exclude websites or applications like YouTube when on the internet. The biggest benefit of this is that businesses save money on the bandwidth use of their VPN. If employees always used the VPN connection and ended up streaming, downloading, or otherwise exhausting a company’s bandwidth, the costs would be apparent. However, with those cost savings come risks. The main issue with split tunneling is that end-users become able to bypass devices that were meant to track internet usage (Jeffery 2020). As a result, if a hacker can compromise a home environment that uses split tunneling, the whole company is put at risk, and cybersecurity departments would not have the visibility to see what is happening. Risks also include the user finding a way around data loss prevention and intrusion detection systems. Ultimately, it is up to the cybersecurity teams to weigh the options for their business. If a business has the budget for unlimited VPN bandwidth for multiple users, then split tunneling does not need to be implemented. However, if a business does not have that luxury, it may need to risk aspects of its cybersecurity to implement remote work with split tunneling.
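The visibility trade-off described above, as an added example that is not part of the original paper: a small routing model that picks the egress interface by longest-prefix match and lists which of a laptop's flows leave outside the VPN, where corporate monitoring, IDS and DLP cannot see them. The prefixes, interface names and flows are constructed for illustration.

```python
import ipaddress

# Constructed routing policies: (destination prefix, egress interface).
FULL_TUNNEL = [("0.0.0.0/0", "vpn")]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "local"),       # default route: straight out the home router
    ("10.20.0.0/16", "vpn"),      # hypothetical corporate LAN
    ("198.51.100.0/24", "vpn"),   # hypothetical corporate-hosted services
]

def egress(policy, dest):
    """Choose the egress interface by longest-prefix match, as a routing table does."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in policy:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {dest}")
    return best[1]

def unmonitored(policy, flows):
    """Flows that leave outside the VPN, so corporate proxy/IDS/DLP never see them."""
    return [f for f in flows if egress(policy, f["dst"]) != "vpn"]

# Constructed sample flows from one remote laptop.
FLOWS = [
    {"app": "file share", "dst": "10.20.4.15"},
    {"app": "intranet", "dst": "198.51.100.20"},
    {"app": "video streaming", "dst": "203.0.113.80"},
    {"app": "personal webmail upload", "dst": "192.0.2.44"},
]

def report():
    """Apps whose traffic is invisible to corporate monitoring, per policy."""
    return {
        "full": [f["app"] for f in unmonitored(FULL_TUNNEL, FLOWS)],
        "split": [f["app"] for f in unmonitored(SPLIT_TUNNEL, FLOWS)],
    }

if __name__ == "__main__":
    for name, apps in report().items():
        print(f"{name} tunnel, traffic outside corporate monitoring: {apps or 'none'}")
```

The split policy saves VPN bandwidth on the streaming flow, but the same default route also carries the webmail upload past data loss prevention, which is the gap a team has to cover with endpoint controls if it adopts split tunneling.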
This paper has hopefully given some insight into the reality of the situation for cybersecurity specialists. Now, remote work does not seem to be a necessity, but there will likely be more situations in which businesses will have to implement working remotely. Cybersecurity specialists need to be aware of the best practices for implementing remote work, the challenges to cybersecurity, the relationship between cybersecurity and remote work, and the role of VPNs and split tunneling in remote work.