Can you still remember the time when you would wake up to the alarm every morning, hit snooze, wake up again (repeat a few times), and then start the mad dash to the office? Do you remember when your office coffee choices were left up to the mercy of the herd, and when you were forced to wear pants day after day? The changes to “office life” brought on by the COVID pandemic of 2020 certainly can be looked at in a positive light. Still, not all of it is awesome. Securing remote work will be the key to the future of distributed work.
Remember when your work computer was not the same as your personal computer and you were safely nestled in the cyber security implemented by your ever-ready IT department? If you received a suspicious email, encountered an unexpected pop-up, or went head to head with some Trojan horse, you had a guy for that just down the hall! With a 75% satisfaction rating for network security in American businesses, IT departments were doing a fantastic job at keeping breaches at bay and data protected. Then, along came 2020 and the infamous COVID pandemic.
In 2020, 62% of Americans began working from home, with 49% doing so for the very first time. Although there have been many upsides to this change both to employees and employers, cyber security has become a serious issue which has seen exponential growth over the past year. In fact, according to the FBI, cybercrime jumped by 300% just in early 2020. Add to that the statistic that targeted attacks against remote workers grew by 5x in the first 6 weeks of quarantine, and you get 20% of businesses reporting a cyber security breach that could be linked back to their employees.
There are a number of reasons why employees and their employers have become far more vulnerable due to remote work. For one thing, IT departments did not have time to prepare for the sudden switch to remote work, remote devices, and remote network connections. If there had been fair warning, they could have equipped their employees with the right security training and protocols and could have gotten the bugs worked out for remote connections to make it a safer process. However, we are all aware that the changes due to COVID were both sudden and harsh, and IT departments were left in an overwhelmed state, so much so that 20% of employees say they received no security tips at all.
On the employee’s side of things, there are many vulnerable spots for cyber criminals to exploit. Fifty-six percent of remote employees are using personal devices for work, but 25% of them have no idea what security protocols those devices have in place. Remote workers are also often using unsecured or glitchy WiFi, which leaves that door wide open for attack. Of course, they’re also using this exposed WiFi to connect to business networks; networks which were not designed to manage such a large quantity of remote connections.
Companies are certainly attempting to battle and resolve these vulnerabilities by implementing security protocols, such as multi-factor authentication. MFA is a decent attempt to plug up the holes. It can block 95% of bulk phishing attempts and stop 75% of targeted attacks, but it’s also too easy to hack. It would be bad enough if credential hacks were just for a single application, however most employees are reusing credentials for multiple programs, or they are using credentials that are easy to glean from social media. This is the reason that hackers were able to breach 500,000 Zoom accounts last year through credential stuffing (reusing credentials from previous hacks.) Sixty-three percent of data breaches exploit reused or weak passwords. Because of all this, an MFA just doesn’t fit the bill for the big job of making remote work secure.
Fortunately, there’s a better solution to the problem. In order to make logins truly secure, it’s best not to have a password to hack in the first place. Beyond Identity offers just that. They completely remove passwords and replace them with cryptography and biometrics. They also use risk-based authentication, which means that every signal, device, and user is assessed for risks at login. Their frictionless login means that there are zero out-of-band messages, which means there’s nothing for hackers to intercept and exploit. It’s the truly secure security system that meets the needs and demands of the remote business world.
