Protocol | Workplace

Remote work is here to stay. Here are the cybersecurity risks.

Phishing and ransomware are on the rise. Is your remote workforce prepared?

The delta variant continues to dash or delay return-to-work plans, but before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

So far in 2021, CrowdStrike has already observed over 1,400 "big game hunting" ransomware incidents and $180 million in ransom demands averaging over $5 million each. That's due in part to the "expanded attack surface that work-from-home creates," according to CTO Michael Sentonas.

Despite the rise in attacks, only one in five companies are confident their infrastructure security can support long-term remote work, and only 7.5% are confident that their security protections are adequate against phishing and ransomware attacks in the remote-work context, according to a recent survey of 200 North American businesses from IT firm Sungard Availability Services.

So what can you do to make sure your remote employees are properly equipped to protect against cyberattacks? Here are eight things to consider according to cybersecurity professionals.

Secure the home Wi-Fi network. Remote workers need to make sure they're on at least WPA2 encryption, according to Caroline Wong, chief strategy officer at Cobalt, a remote-first "penetration testing as a service" startup. Older security protocols like WEP and WPA have been hacked and are considerably less secure. Another thing remote employees can do to protect their home network is to consider hiding the network name from neighbors, said Wong.

Don't depend on your employees to protect themselves. Sure, you can tell people to secure their networks, but these days, the reality of remote work is that it happens not just at home, but in coffee shops, at the airport, in Airbnbs and other places that are vulnerable to attack. So it's important to issue a corporate device with pre-installed and regularly updated malware protections, and to have identity and asset management systems, like multi-factor authentication, in place, according to Shawn Burke, the global CSO of Sungard AS.

Prepare for people to do company work on personal devices. Even if you provide employees a company-issued laptop, odds are they'll still want the ease of accessing corporate data on personal devices. Consider using a mobile device policy, which is basically a way to remotely set up a security policy and push security controls, said Gartner Senior Research Director Thomas Lintemuth. That being said, "People get freaked out if you're trying to manage their device," so it's important to communicate that these programs are meant to "keep the bad guys out of your personal stuff" and that the company will not use them to track employees' personal information, said Grant Moerschel, VP of product marketing at SentinelOne.

Consider the "people" risk: kids, roommates and partners. This is a concern especially for companies like McKinsey, which often deals with confidential documents that could be seen, screenshotted or shared by other people in the household, according to Venky Anant, a partner in McKinsey's tech, media and telecom practice. Be diligent about setting automatic screen locks, and consider employing a virtual desktop so that corporate data is stored securely at headquarters rather than on a personal laptop, recommends Kathleen Moriarty, the CTO of the Center for Internet Security.

Be alert for more targeted, emotion-driven phishing attacks. Attackers in the age of coronavirus are capitalizing on your emotions and anxieties, and there's been a significant rise in phishing attacks that use COVID-19 as a lure, Moriarty added. Be wary of tailored messaging that preys on your desire to access vaccine information.

Expect to spend more on cybersecurity. Multi-factor is expensive, and so is scaling up VPNs and other solutions to handle more simultaneous usage. One way of dealing with the added cost could be to implement access control segmentations. For example, an engineer might require more security than a graphic designer, said Wong.

Aim for zero trust. An increasingly popular buzzword in the cybersecurity community, the "zero trust" model assumes that you can't trust anyone, and everyone is treated as a potential malicious actor. Authentication and controls are at every point of entry, and everything that's important is protected. That can be costly as well as theoretically productivity-impeding, but as John Kindervag, one of the original proponents of zero trust, puts it, "It's okay to occasionally block something good as long as you're not letting something bad in."

Educate, educate, educate. And gamify it. At Zoom, employees participate in an annual security awareness training complete with prize competitions that divvy out company swag or UberEats credit. Training has to be embedded in the culture of the company, said CISO Jason Lee, who also recommends monthly fake phishing attempts to test for employee preparedness.

Just don't do this.

Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.
