A person working at home using laptop video conference call

The Mobile Threat

Results of Verizon’s recent Survey

Verizon recently summarized its research findings in a newly released Mobile Security Index 2021 report. They surveyed 856 IT professionals across many disciplines Here’s what they found:

  • 49% said that the conversion to remote working adversely affected their IT security.
  • 40% of respondents feel that the biggest threat to them and their company is mobile devices.
  • Even though they felt insecure with their mobile devices, 45% said they needed to sacrifice security to get their jobs done.

What Do The Above Results Mean?

Plain and simple: The majority of workers aren’t doing what needs to be done to secure personal and professional information.

45% believe their companies were rushed to mobilize remotely and sacrificed security in the process is a significant cause for concern. With all of the advances in technology, you would have thought that working from home was becoming more common and that IT departments were ready to implement. Apparently not.

Why Businesses Fell Short During COVID 19

IT Departments did not foresee a long-term lockdown and the need for a forced work-from-home to survive strategy. I could bet that this scenario was not included in any written Disaster Recovery Plans!

Had they included long-term work-from-home scenarios in their disaster planning, they would have seen the need to harden home networks, just like protecting the corporate infrastructure. They would have also issued and secured mobile devices to maintain security when accessing company networks remotely.

Although the Pandemic took the world by surprise, Disaster Planning should have foreseen lockdowns, whether due to pandemics, or natural disasters, as a risk, and companies should have planned accordingly.

Is Remote Working Here To Stay?

In some form, it will be; time will only tell how extensive. As the country reopens, it will be interesting to see which companies require a total return to the office, embrace a total remote footprint, or use a blended approach.

We’re likely to see all three of the above scenarios as some companies realize that they can get the job done without paying for the overhead and costs of maintaining physical offices.

Working-From-Home Has increased The Threat

As mentioned (many times) before, this new business landscape meant ample opportunity for hackers to take advantage of our uncertainty and the general public’s lack of knowledge in cybersecurity matters.  Mobile phones became the primary way of communicating for many remote workers, but when was the last time you considered the device’s cybersecurity risks?  And that smartwatch that is linked to your device?  Another door that might get left open accidentally to your information.

It isn’t that you aren’t trying to be diligent at all times; it is just that the connection to a virus or ransomware may have been embedded into your psyche when it comes to using laptops or desktop computers, but your guard may be down as you use mobile devices.  Besides, it’s harder to hover over a link when you’re viewing it on your watch, right?  And logging in and out on your phone? That’s very unlikely to happen – you leave the apps running in the background all of the time.

And, don’t forget the Internet-of-Things (IoT) in your home. Is Alexa listening and recording your business conversations?

How To Protect Home Workers

  1. Any time an interconnected device is purchased and installed, the password must immediately be changed.
  2. IT management needs to include home offices in their security assessments and install and manage enterprise-grade networking equipment and security.
  3. Homeworkers must adhere to all company policies and procedures, including password management, corporate equipment use, etc.
  4. Access to the corporate network from outside locations should only be allowed via a secure, company-approved VPN connection.
  5. Home office workers should not be allowed to access corporate systems through personal devices.
  6. Company files should ALWAYS be saved to the company’s servers where they can be protected. Employees should not be allowed to save files to their PCs.
  7. Make sure home workers are included in your cybersecurity training.
  8. Businesses should have a Hybrid-cloud Business Continuity system installed to backup all data, giving it the ability to recover quickly in the event of a disaster.
  9. All companies should employ a Managed Threat Response (MTR) solution that includes EDR, SIEM, and SOC components. Prices for security services are now within reach of most SMBs.
  10. Disable digital assistants while working.
  11. Make sure you’re using the latest wifi security protocol, which is WPA2.
  12. On home Wifi, disable remote access, Universal Plug and Play, and wifi Protected Setup. These features have good intentions but make it easier for unauthorized access. You can always enable a feature if you later need it.
  13. If working from home, set up a Guest Network for others to use.
  14. NEVER let anyone else log on or use your work computers.
  15. When at home, make sure all work devices are physically secured.

Conclusion

The threat is there, it isn’t going away, and we need to collectively work to make the “new normal” safer every day. Stay safe.

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed I.T. Services (MSP). Call (845) 362-9675 for a free consultation. Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection