Remote Workers Using Personal Devices: Myth vs Reality

With the focus on employees working from home, many remote workers using personal devices will be inadvertently testing your organization’s ability to protect its network.  

Iconic IT has made security a focus for our IT services. Matt Lee, Director of Technology at Iconic IT, has offered some insights behind the myths and the realities of allowing your employees to access personal devices while working from home. 

Myth vs Reality 

Remote workers using personal devices can open your network to a host of issues. Your employees may think they are working securely, but the reality may be something far different. 

Here are the three biggest myths organizations and employees believe when they are working remotely. 

1. Myth: Remote Workers Using Personal Devices Are Protected by Existing Safeguards 

Your employees may feel protected by safeguards currently in place on their personal devices, such as “out of the box” antivirus protection. They may feel safe using standard protections such as Microsoft’s Windows Security. 

The reality: When your employee installs a standard boxed antivirus solution, Windows Security is often automatically shut down. Your employees may believe they have enough security on their personal devices. Unfortunately, these home devices have higher risk profiles given their typical shared use and less business-focused personal browsing incumbent with more risk.  

The solution: Install your organization’s antivirus on all personal computers. We recommend the two-tiered approach of our AV solution, Iconic Fortify.  

Find out more about antivirus solutions here

2. Myth: Remote Workers Using Personal Devices are Protected by Your Company’s VPN 

Your organization may feel that Virtual Private Networks are enough to protect your network when your remote workers use personal devices to access your business’ files and data. 

The Reality: VPNs (Virtual Private Networks) are a good start to protect your network but become less effective when accessed by your employees’ personal devices. These devices’ risks become the corporate network’s risks once connected over the VPN. Good security measures and layered protection are needed to combat and mitigate this risk.    

The dangers of relying on a VPN alone don’t come from the VPN itself, but the potential lack of security on these devices and a lack of awareness on the part of your employees.  

Your VPN is Only as Secure as the Machines Using It 

Typically, personal devices only have antivirus software installed. This will not include Endpoint Detection and Response (EDR). Because personal devices are accessed as independent workstations, there is no active security monitoring or patching from IT professionals. 

No Administrative Authority 

Because personal devices don’t have the same levels of accountability as organizational devices, gaps in security may exist that can spread potentially over the VPN. Attackers often look for a foothold first and then build ways to elevate privilege.  

Device Sharing 

Chances are your employee’s personal device is shared by other family members. Even if every user’s profile is separate, the profiles are kept in the hard drive of the device. Since all users are not connected to the VPN, malware can be installed from another user who is accessing the device. 

Bypassing the VPN 

If the VPN is slowing down the employee’s browsing, he or she may be tempted to bypass it. Some factors slowing the VPN could be the VPN itself, the age of the device, and distance from the server. 

Gap Between VPN Launch and Connecting to the Internet  

There is a brief gap between when a VPN is launched and when it connects to the internet. During this time, the device is vulnerable. This is especially dangerous if your employee is accessing data on an unsecured Wi-Fi connection

Additional Concerns with VPNs 

An alert released by CISA on Friday, March 13, 2020, stated that cyberattacks on remote workers are expected to increase. Per the report, even more weakness when using VPNS include: 

  • As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors. 
  • As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches. 
  • Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords. 
  • Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks. 
  • Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks. 

(CISA Alert AA20-073A) 

The Solution:  

Any type of secure, remote software that maintains network level separation to establish a connection to a work asset without exposing the risks of the local home device as in a VPN. Some examples of good strategies would be: 

Use a 3d Party Remote Service, preferably one that allows 2 Factor Authentication. This is the most secure way to establish a network separated connection to workstation at your office. It does not allow malicious software running on a home machine to reach the office’s workstation.  Iconic uses “Connectwise Control for remote access to workstations. 

Another option for remote access would be RD Gateway. This is a part of Microsoft Server and uses SSL certificates to secure connections. RD Gateway allows employees to log into their work desktops, so they benefit from existing security solutions on their office workstations while on their personal devices. There is no VPN required to use RD Gateway. 

3. Myth: Remote Workers Aren’t Targeted by Hackers 

You may think that if cybercriminals are targeting your network, they are only using workstations to try to gain access; a remote worker using personal devices is safe. 

The Reality: Hackers are aware of the current shift to remote work. Current trends in cyberthreats include sending “coronavirus work policies,” updates from spoofing websites pretending to be trusted authorities like WHO or the CDC, and even maps allegedly detailing the spread of the virus.  

The Solution:  Send your remote employees an updated cybersecurity awareness policy that outlines their responsibilities in keeping your network safe while working remotely. 

Iconic IT is Here to Help 

Iconic IT understands you have a lot to consider. Here are a few steps you can take to ease the transition for your remote workforce while keeping your network safe. 

  • Issue company equipment whenever possible 
  • Adopt an acceptable use policy for remote workers 
  • Install end-to-end protections for remote worker using personal devices 
  • Make sure your employees are up to date on cybersecurity awareness 
  • Require multi-factor identification before any device can be connected to the network 
  • Understand the limitations of VPN and consider using Secure Remote Solutions either alongside, or instead of, a VPN 

Iconic IT Resources to Help Your Transition to a Remote Workforce 

Iconic IT has resources available to help you understand the transition and better protect your business while your employees work from home. All resources are free to download and will be helpful for you to develop a secure remote work culture. 

1. Cybersecurity Awareness Training: Small Business Cybersecurity Education

An easy to use resource to teach your employees cybersecurity essentials 

2. Acceptable Use PoliciesAdopting An Acceptable Use Policy 

Tips for drafting an acceptable use policy for remote workers using work-issued equipment at home  

3. Using Teams to Streamline Your CommunicationsTeams for Remote Workers 

Microsoft Teams keeps your entire workforce seamlessly connected, wherever they are. Also see Microsoft’s “free Teams offer” for a free trial of the app whether you have a subscription or not. 

4. Coronavirus Hacking TrendsFear for Sale: Hackers Using Coronavirus Fears to Spread Malware 

Forward this to your remote workforce to keep them prepared for this disturbing trend. 

5. Implementing a Two Factor Authentication Process: Two Factor Authentication Guide 

This guide explains two factor authentication and how this simple process can protect your network, even when remote workers using personal devices log in. 

6. Protecting Your Network with a Remote Workforce: Keep Data Safe with a Remote Workforce 

Pro-tips on keeping protecting your network safe while your employees are working remotely. 

7. Remote Workforce Checklist: Remote Workforce Checklist 

An easy to use checklist to help you make sure your teams are connected, working efficiently, have the tools they need, and are maintaining your network’s security. 

Iconic IT is here to support our small to medium-sized businesses during this time. Feel free to reach out to us if you have any questions or need help with the tech your remote workforce needs to stay productive and protected. 

Download Remote Checklist!

RECENT BLOG POST

Spear Phishing Blog

Your Financial Institution Cyberattack Risks Are Real: Are You Ready?

For a financial institution, cyberattacks are a top concern and no wonder: financial services account for 35% of all data breaches and are 300 times more likely to be attacked than other verticals. Naturally, the criminals are following the money. They are getting more sophisticated with each passing year, adding extortion, fraud, and theft to their bag of tricks. It’s time to take a good look at your financial institution cybersecurity strategies; is your plan up to the challenges?

Read Post
Blog

Will 5G Internet Be A BIG Deal For Small Businesses?

How many times in the past few months have you cursed your internet connection as a video call froze or an important download inched along? These are daily struggles for remote workers, but also common among offices with business-grade internet. Fifth-generation mobile data connections (colloquially referred to as 5G internet) will ensure your team is more productive and profitable than ever before.

Read Post
Blog

Memorial Day: Random Trivia and Fun Facts

Why do we wear white after Memorial Day? How many hot dogs will be eaten, and why are there only eight rolls in a package of hot dog buns?

Your burning Memorial Day questions will be answered right here.

Read Post