Since working from home has become the new normal for many employers, new challenges for security administrators are growing. With childcare facilities and schools being closed, many employees are having to juggle not only their duties at work, but also childcare, pets, and dealing with deliveries or unexpected visitors. Under those conditions, mistakes can happen, such as sending an email with private corporate data to the wrong address. This is just one of the many insider security risks that administrators have had to adapt to. Joseph Carson, CIO at Thycotic, stated, “ The [work from home] trend due to the COVID-19 pandemic has significantly increased insider threats from employees taking risks with company assets, such as stealing sensitive data for personal use or gain as employers have less visibility to what employees are doing or accessing.” One of the primary threats with the working at home posture is from “negligent insiders” or employees who are well-intentioned, but who may mistakenly give away company data or put company data at risk, by accidentally opening a phishing email, becoming a victim of a Business Email Compromise (BEC) scam or leaving cloud storage misconfigured.
Analyst Notes
One of the primary reasons for the “negligent insiders” is due to lack of training. Many employers were justifiably not ready for all of their employees to be away from the office. Working from home also reduces face-to-face time with supervisors and reduces opportunities to collaborate with others. In a recent survey, almost half of employees working from home reported that they had received no training at all from their employer about security best practices while working remotely. Organizations should invest in remote work training to help educate their employees on security practices from home. They should also create clear policies and directions to help employees understand basic security protocols, and a clear channel of communication to get help with approved solutions for file sharing, collaboration, and other remote work challenges. If employees feel the need to set up their own solutions or use free services to share work files, sensitive data may be exposed to a greater risk of disclosure. It is also advised to employ a service that is capable of monitoring and endpoints, including laptops and remote access servers, for security threats. The team at the Binary Defense Security Operations Center has highly trained analysts to monitor, detect, and contain threats every second of every minute of every day.
Source: https://threatpost.com/work-from-home-opens-new-remote-insider-threats/156841/
