Remote work is here to stay. Here are the cybersecurity risks.

Phishing and ransomware are on the rise. Is your remote workforce prepared?


The delta variant continues to dash or delay return-to-work plans, but before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

So far in 2021, CrowdStrike has already observed over 1,400 "big game hunting" ransomware incidents and $180 million in ransom demands averaging over $5 million each. That's due in part to the "expanded attack surface that work-from-home creates," according to CTO Michael Sentonas.

Despite the rise in attacks, only one in five companies are confident their infrastructure security can support long-term remote work, and only 7.5% are confident that their security protections are adequate against phishing and ransomware attacks in the remote-work context, according to a recent survey of 200 North American businesses from IT firm Sungard Availability Services.

So what can you do to make sure your remote employees are properly equipped to protect against cyberattacks? Here are eight things to consider, according to cybersecurity professionals.

Secure the home Wi-Fi network. Remote workers need to make sure they're on at least WPA2 encryption, according to Caroline Wong, chief strategy officer at Cobalt, a remote-first "penetration testing as a service" startup. Older security protocols like WEP and WPA have been hacked and are considerably less secure. Another thing remote employees can do to protect their network at home is to consider hiding the network name from neighbors, said Wong.

Don't depend on your employees to protect themselves. Sure, you can tell people to secure their networks, but these days, the reality of remote work is that it happens not just at home, but in coffee shops, at the airport, in Airbnbs and other places that are vulnerable to attack. So it's important to issue a corporate device with pre-installed and regularly updated malware protections, and to have identity and asset management systems like multi-factor authentication in place, according to Shawn Burke, the global CSO of Sungard AS.

Prepare for people to do company work on personal devices. Even if you provide employees a company-issued laptop, odds are they'll still want the ease of accessing corporate data on personal devices. Consider using a mobile device policy, which is basically a way to remotely set up a security policy and push security controls, said Gartner Senior Research Director Thomas Lintemuth. That being said, "People get freaked out if you're trying to manage their device," so it's important to communicate that these programs are meant to "keep the bad guys out of your personal stuff" and that the company will not use them to track employees' personal information, said Grant Moerschel, VP of product marketing at SentinelOne.

Consider the "people" risk: kids, roommates and partners. This is a concern especially for companies like McKinsey, which often deals with confidential documents that could be seen, screenshotted or shared by other people in the household, according to Venky Anant, a partner in McKinsey's tech, media and telecom practice. Be diligent about setting automatic screen locks, and consider employing a virtual desktop so that corporate data is stored securely at headquarters rather than on a personal laptop, recommends Kathleen Moriarty, the CTO of the Center for Internet Security.

Be alert for more targeted, emotion-driven phishing attacks. Attackers in the age of coronavirus are capitalizing on your emotions and anxieties, and there's been a significant rise in phishing attacks that use COVID-19 as a lure, Moriarty added. Be wary of tailored messaging that preys on your desire to access vaccine information.

Expect to spend more on cybersecurity. Multi-factor is expensive, and so is scaling up VPNs and other solutions to handle more simultaneous usage. One way of dealing with the added cost could be to implement access control segmentations. For example, an engineer might require more security than a graphic designer, said Wong.

Aim for zero trust. An increasingly popular buzzword in the cybersecurity community, the "zero trust" model assumes that you can't trust anyone, and everyone is treated as a potential malicious actor. Authentication and controls are at every point of entry, and everything that's important is protected. That can be costly as well as theoretically productivity-impeding, but as John Kindervag, one of the original proponents of zero trust, puts it, "It's okay to occasionally block something good as long as you're not letting something bad in."

Educate, educate, educate. And gamify it. At Zoom, employees participate in an annual security awareness training complete with prize competitions that divvy out company swag or UberEats credit. Training has to be embedded in the culture of the company, said CISO Jason Lee, who also recommends monthly fake phishing attempts to test for employee preparedness.

Just don't do this.

