Mark Guntrip, Senior Director of Cybersecurity Strategy at Menlo Security, discusses the five common pitfalls companies fall into when trying to protect remote workers from cybersecurity threats.<\/h2>\n

Trying to protect remote workers has never been so complex or fraught with risk.<\/p>\n

Working from home, hybrid working, SaaS, cloud migration, secure remote access, ransomware<\/a>, phishing attacks, social engineering, credential theft, BYOD \u2013 the list goes on and on.<\/p>\n

But the old methods of protecting remote workers are no longer fit for purpose.<\/p>\n

VPNs are notoriously insecure and don\u2019t scale. Backhauling Internet traffic to a secure data centre increases latency and can impact performance. Blacklisting shuts off entire sections of the dynamic Internet, preventing users from getting work done.<\/p>\n

Yet, organisations continue to tackle new security problems with old technologies. Security strategies need to evolve to meet the needs of today\u2019s business \u2013 where users can log on and access corporate resources from anywhere and anytime, no matter what device they are using. Users should expect to be protected from today\u2019s highly sophisticated threats without impacting performance.<\/p>\n

But old habits die hard. These are five pitfalls that organisations fall into when trying to protect remote workers:<\/p>\n

1. Don\u2019t <\/span>ignore<\/span> unmanaged devices<\/span><\/p>\n

It\u2019s easy to put your head in the sand and pretend that users are not accessing company systems on their personal devices. With corporate policies in place, people understand the security risks they are taking by using their phone, tablet, or laptop when logging in.<\/p>\n

But they do it anyway. Unmanaged devices and networks (such as home or remote WiFi) pose a major security risk to the organisation.<\/p>\n

The consumerisation of the cloud has also made it easier than ever for users to use a credit card to use own systems or create an infrastructure without following corporate policies or letting IT know.<\/p>\n

It takes one click to give threat actors access to a device and then spread throughout the network. Businesses need to make sure they can secure the connection between unmanaged devices and corporate systems.<\/p>\n

Isolation technology, for example, can create a virtual air gap between users and web content, stopping ransomware, drive-by attacks, and malware before they can access end devices. This is a user-centric rather than device-centric approach, ensuring that even unmanaged devices and infrastructure (that IT is not aware of) are protected.<\/p>\n

2. Fail to plan, plan to fail<\/span><\/p>\n

Malicious actors are becoming more sophisticated and adaptive in their methods.<\/p>\n

Cybersecurity is a constant battle between threat actors and security teams. As soon as a new security control is developed, attackers quickly find a way around it. The gap is then plugged by a new tool, and attackers identify another way in.<\/p>\n