Work-from-home is here for good. The ongoing COVID-19 pandemic has companies continuing to keep employees home, and 82% of companies plan to allow at least some working from home once the pandemic subsides. However, 60% of organizations that have adopted work-from-home technology have either accelerated or bypassed the security review process that usually accompanies such changes.
Weakened security controls for work-from-home can leave you vulnerable to compromise, and the result can be expensive. According to the latest Cost of a Data Breach report from IBM and the Ponemon Institute, 76% of businesses believe remote work will increase the time to detect and respond to a data breach. Remote work makes it more costly to respond to a data breach, as well: having a remote workforce increased the average total cost of a data breach by $137,000.
Know your remote work security posture
The first step to avoiding these costs and securing your business is knowing how remote work affects your security posture. Your attack surface is fundamentally different now than what it was before work-from-home. Machines with access to corporate data are no longer confined inside either physical office walls or a corporate firewall.
Instead, businesses have had to implement or expand VPN usage as well as make tough decisions about devices people could use to connect to the corporate environment. This may include usage of corporate desktops or laptops from untrusted home networks. It may involve managing security software and configurations on personally owned computers or mobile devices that can access company resources. This concern extends to the network as well; often remote workers do not segment their business machines, so devices with access to sensitive corporate data share networks with vulnerable devices, including unmonitored computers and unvetted IoT devices around the house.
If your business shifted from in-office work to employees working from home on an emergency basis due to COVID-19, you need to find out whether the security controls you intended to be in place are still in place. However, even if your business broadened work-from-home well before the pandemic, testing your security posture on a regular basis matters for several reasons. New attacks and techniques arise, and work-from-home infrastructure must be updated and hardened to resist them. Employee work-from-home endpoints and networks change constantly, and corporate IT has less control over those than they have over company-controlled devices on premises.
The need for work-from-home security testing goes beyond technical concerns, as well. Employee security awareness and vigilance continue to matter. Even in the best-regulated technical environment, an employee who lacks security awareness or lets their concern for security lapse now that they are working from home can fall victim to a phishing attack and allow an attacker in.
The role of red teaming
Red teaming is an effective way to learn your real level of work-from-home risk because it mirrors the real-world tactics, techniques, and procedures of attackers. Individuals or groups who are targeting work-from-home are not going to limit themselves to one piece of infrastructure or one part of the network, as a traditional penetration test typically does. Instead, attackers will take a broader look at your attack surface. They will pinpoint the most exploitable weaknesses, either technical or human, and use that to compromise the data they want.
In a red team engagement, you can bring in security experts to think just as holistically as attackers. Red teams identify entry points based on flaws in software, network, and human security. They find out what data can be compromised. Then, they report back in a clear and actionable way. As a result, you learn how your security controls are actually working to prevent attacks. You learn what you should prioritize to improve your posture and prevent real-world compromise.
If you are looking to strengthen your security team’s ability to detect threats, including those related to remote work, a purple team engagement may be the right fit. In a purple team engagement, we perform a red teaming engagement in close collaboration with your security operations team. This reveals not only the ways you can improve the security of your work-from-home infrastructure, but also the ways you can improve your detection techniques and capabilities.
Work-from-home security will remain at the forefront of security considerations for a long time to come. Even as people get vaccinated and the COVID-19 pandemic begins to recede, many employees who are accustomed to working remotely will want to continue to work remotely. Keeping remote work matters for business operations and growth, since it will help keep talented employees on staff. That makes it as important as ever to assess your security posture as it relates to remote work, and ensure that your security program is designed to support work-from-home in the long term.
To learn even more about securing your organization as your employees continue to work from home, read our Work-from-Home datasheet.