Welcome to the new normal. The face of work has changed drastically in 2020 and probably permanently. According to Gallup, at least 61% of full-time employees are working from home, or other locations, and those numbers will probably stay up.
Most companies rushed to adopt a connectivity-first approach, prioritizing getting team members online fast. But this rush created new vulnerabilities. Now, says a new report from VMware, they’re paying the price, with massive increases in threats across a range of industries–like the 238% growth in attacks targeting the financial sector.
We’re all working hard to keep ourselves physically safe with masks and gloves, hand sanitizer, and Plexiglas barriers. But what about cybersecurity? With so many employees logging in remotely from so many devices, how can you keep your data safe?
2020: The Work-from-Home Spike
It’s true that most companies have offered some work-from-home infrastructure for a long time. But only about 15% of employees regularly took advantage of it. So when COVID-19 hit, just about every organization spent the first part of the year scrambling to scale up remote capacity fast. Many are still scrambling.
That also means many are wrestling with the tension between flexibility and security, an issue 67% of companies are trying to balance, IDC reports.
On the flexibility side, employees demand agile, consumer-style workflows. Your team wants easy-to-access tools and connectivity, access to corporate resources, protocols for VPN, and SSO to make access simple.
On the other hand, you still have to minimize vulnerabilities and keep users up to date regardless of where they’re logging in from. And more than ever, you need to be aware of who’s present on your network and where your data is going.
When you’re trying to balance security and flexibility, you’ll be relieved to know that with the right tools, you don’t have to pick either security or flexibility–you really can have both.
The Work-at-Home Threat Landscape
Business services giant PWC recently noted that in the wake of COVID-19, “Rushing to virtually connect remote workers to the workplace, however, employers and personnel may overlook security — and cybercriminals have already begun to take advantage.” The FBI says it’s currently tracking three or four times the number of cybersecurity complaints than it was before COVID-19.
What kind of threats are out there?
Another PWC report notes a 61% increase in phishing attacks and states that 60% of businesses surveyed identified compliance and regulatory risks associated with remote work. Furthermore, 62% of companies found security risks due to non-enterprise devices and software—your employees working from home on their own devices—while 51% say they’ve seen a rise in access by non-credentialed users.
Chances are, of course, that most of those are legitimate users. But shouldn’t you know for sure? In the real world, it can be tough to track who’s logging on.
The U.S. government CIO Council’s Federal Mobility Group recommends: “Whenever possible, only use laptops and smartphones owned, managed and protected by your agency.” That’s certainly a comprehensive approach but doesn’t exactly correspond to the real world.
So how can you prioritize creating a secure environment while still giving personnel the flexibility they demand to use a variety of devices and tools?
A recent article on security in MIT’s Sloan Management Review suggests that IT pros need to “[r]eview changes to boost your technology and security infrastructure today […] This is not a one-and-done exercise; organizations need ongoing agility to hit what is a decidedly moving target.”
Fortunately, there’s a simple tool that helps give you that agility so that you can keep hitting that moving target.
What Can You Do About It?
In today’s world of remote work, patching has taken center stage yet again. But this is patching like you’ve never done before, reaching endpoints outside the corporate perimeter. So you need to take a slightly different approach.
In case you’re thinking patching sounds old-fashioned—and definitely not cutting.edge—think again.
Take deadbolt locks. The technology isn’t new or shiny or sexy; but chances are, you have a deadbolt lock on your front door. Why? Because it works. Patching might not be the beginning or the end of today’s complex security solutions, but it is a massive and central piece you can’t afford to overlook—especially for remote users on devices you don’t control.
When a user connects to your network, there’s no choice: You must protect yourself. How? By making sure that user is up to date.
Home users are just like any users, only more so: They’re busy, putting off updates, patches, and rollouts as long as possible. Worse, home users are more exposed to vulnerabilities due to devices and networks potentially being shared with other family members: Kids downloading games, teens accessing sketchy sites, other adults sharing browsers and logins.
In the office, you’re in control. Whenever someone plugs in a new machine, it’s scanned and tested for vulnerabilities.
But when users are working on their own devices, you are responsible for protecting that edge before you let those users into your network and apps. And to help you do that, we’ve created JetPatch Off-Grid.
JetPatch Off-Grid Patching: Your (New) First Line of Defense
Just like you’re already doing for on-site employees, JetPatch Off-Grid Patching inspects every single computer logging in to make sure they don’t introduce security risks. It flags known vulnerabilities and ensures that updates are rolled out effectively—almost like being there yourself.
When a user workstation connects remotely, JetPatch Off-Grid Patching does the work for you. It identifies assets and looks for missing patches and vulnerabilities, making it simple for the organization to handle any necessary updates with the ability to notify users of upcoming updates and reboots via push notifications.
JetPatch Off-Grid Patching is easy to set up. Via a tiny agent app installed on each endpoint, it can collect information on a device in real time, even when the user isn’t connected to the corporate network. When they do connect, IT has full visibility into who’s getting into your system, along with the reassurance that their endpoint is up to date.
We realize this is a little more effort than securing systems on-premises. However, JetPatch Off-Grid Agent is the missing link any organization with off-site employees needs to secure their system against the unknown.
Working from home presents an entirely different world. Sure, most companies have offered work-at-home options for a while, but few employees took full advantage of this. Today, however, it is clear that it’s a landscape studded with cyberthreats.
With JetPatch Off-Grid, you don’t have to fear the new normal. JetPatch has your back, with on-premises-level protection for employees on the go.
Investing in cybersecurity has both immediate and long-term benefits for every organization, and according to PWC, companies who invested in comprehensive cybersecurity solutions pre-COVID-19 are coming out on top.
We make sure both you and your users come out on top when you make JetPatch part of your security plan and get back in control of remote users, giving you both flexibility and security.
Whether or not you’re already a JetPatch customer, get in touch to find out more about how we can help your organization adapt and stay safe in the work-at-home world.