Source: The Enterprisers Project
13 May 2020

VPN, cloud, and phishing misunderstandings show up in myths about security and remote work. Security experts break down the truth about how to stay safe.

One of the easiest security risks to overlook? Thinking there is no risk.

That’s true when it comes to tools, people, and processes. When you think there’s little to no chance of something going awry, your risk exposure often expands. Complacency can cause this mindset and may be a growing risk factor, but we’ll get back to that later. Simple misunderstandings are often the root of security overconfidence. We might think we know something, but what if that knowledge is off-base or outdated?

Or what if our environment suddenly changes?

Just about everyone is living that scenario right now as a result of the global pandemic. The most obvious change in many organizations is a rapid shift to remote work. That has had broad impacts, including on your company’s security posture, which might need some realignment.

The Enterprisers Project has debunked some common misconceptions about online security specifically for the remote workforce:

False: This shift to remote is a short-term issue

We might want this to be true, but that’s what makes it dangerous from a security standpoint. In all likelihood, the sudden shift to remote work will have lasting impacts in many organizations, according to Steve Durbin, managing director of the Information Security Forum. Durbin views the work-from-home shift as a “new business normal.”

From a security standpoint, Durbin thinks we’re in the midst of a three-phase evolution. Phase one, Durbin says, is all about technology: Getting a suddenly remote workforce up and running with the tools people need to stay connected and do their jobs from home.

Phase two brings a rise in direct attempts to breach an organization via its employees now working from home.

“[We] will see targeted threats on organizations where the remote worker is seen as potentially being the weakest link in the security chain, not necessarily in their access to their own corporate interface, but via the third-party access routes that they will unavoidably be keeping open in order to fulfill their roles,” Durbin says.

Most of the above issues, from Zoom security to targeted phishing attacks and more, fall under phase one, phase two, or perhaps both. (They’re certainly related.)

We’re probably on the precipice of phase three – and IT leaders and security pros will need to be mindful of it: Complacency.

“[This] will come about through increased stress and cyber-anxiety, which will result in a lowering of vigilance and frankly, the sheer boredom of having to work remotely when the normal routine has been built around social interaction,” Durbin says. “My biggest concern is when remote workers enter phase three since it is unlikely that remote team leaders and managers will identify these signs until it is upon them.”

Read Full Article