At a time when companies are reorienting their workforces and operations toward remote work, Matt Lindley, COO, and CISO at NINJIO believes it has never been more critical for employees to understand how to maintain the physical security of their devices.
One of the most common misconceptions about cybersecurity is the idea that it’s solely the job of IT professionals and other tech experts. This has always been untrue – the vast majority of cyberattacks use some form of social engineering, which means everyone in a company has the ability and responsibility to learn how to identify and prevent cyberattacks.
If employees’ role in cybersecurity wasn’t clear before COVID-19, companies are now more acutely aware of it than ever. Millions of employees are still working from home (WFH) as COVID-19 cases spike, which means they don’t have access to secure internal networks, IT teams, or any of the other cybersecurity resources available to them in the office. Within the next six months to a year, many companies will shift from WFH to work from anywhere (WFA) mindset, which will introduce a whole new array of cyberthreats.
Among the most pressing of these new threats is the possibility of theft, in-person snooping, and other forms of infiltration that can result when devices are left out in the open. This is why physical security will only become more important in the coming months and years – yet another reminder that cybersecurity is in employees’ hands.
WFA Puts Companies at Risk
Have you ever seen a flash drive left on a table at a coffee shop? How about a laptop left unattended and unlocked for fifteen minutes while its owner talks on the phone outside? Perhaps you’ve made these mistakes yourself. While these behaviors may seem innocuous enough – “I was right outside and I was only gone for a few minutes!†– they can put your sensitive information (as well as the integrity of your entire company’s security) at risk.
There’s no question that companies will be transitioning from WFH to WFA in the near future. Employees are increasingly demanding flexibility in where they work, the number of employees who use coworking spaces is surging, almost three-quarters of companies say they plan to shift some employees to remote work permanently, and 90% of executives report that they expect many or most of their employees to work remotely at least one day per week. With this huge influx of WFA arrangements, the number of physical cyberattack vectors will increase dramatically. Meanwhile, there are still multiplying WFH threats to consider as well.Â
While there will be many digital cybersecurity concerns in the WFA era – such as employees using insecure public WiFi without a VPN or failing to encrypt sensitive files on their devices – employees will have to keep the physical security of their devices top of mind at all times.
Learn More: DDoS Attacks: A Growing Cybersecurity Problem in Remote LearningOpens a new window
Broadening Our Understanding of Physical Security
We have ample evidence that physical security is a key component of cybersecurity, such as the fact that physical infiltration has been used to carry out major cyberattacks – including the deployment of the notorious Stuxnet worm against Iran’s Natanz nuclear facility, which relied on the insertion of an infected flash drive. Despite this history, a study published by the Institute of Electrical and Electronic Engineers found that a large proportion of “end users will pick up and plug in USB flash drives they find.â€
Beyond bad habits like plugging in random flash drives, there’s a rapidly increasing number of physical attack vectors that hackers can exploit. According to Cisco, there will be 29.3 billion Internet of Things (IoT) devices by 2023 – an increase from 18.4 billion in 2018. The typical American household has 11 connected devices, many of which are insecure home devices like smart appliances. When these devices (which frequently don’t have updated security software) are connected to the same networks as laptops, smartphones, and other work devices, they provide an entry point for hackers trying to steal sensitive company information.Â
This is a reminder that physical security extends beyond protecting and monitoring your devices in public – improper device use at home (by children, spouses, and visitors) can lead to security breaches as well. Employees have to be even more wary of public IoT devices, such as smart printers and scanners – they’re in charge of the security status of their devices at home, but they have no idea whether equipment in a hotel lobby or a library has been updated. Finally, if an employee’s laptop is stolen, the last line of defense is data encryption, which makes it much more difficult for the thief to access information.
Learn More: Deep MFA: A Smarter Way to Protect Backups from Ransomware Attacks
Companies Need To Make Physical Security a Top Priority
Companies and employees often have a narrow understanding of cybersecurity – they think of firewalls, anti-virus software, etc., but not where devices are stored, which IoT devices could potentially be surprise attack vectors, how devices are used in public, whether or not those devices are encrypted, and other aspects of physical security.
According to a 2018 study conducted by the Ponemon Institute, 42% of companies say they aren’t able to “secure access rights to data, systems and physical spaces.†The study also found that just 41% of companies claim that they’re able to “minimize IoT risks by requiring the integration of security into the devices we build or use in the workplace.†Now that we’ve entered the remote work era, the perception of physical security has shifted dramatically.
An October 2020 Ponemon report found that a “lack of physical security†is the cybersecurity risk companies are most concerned about.
Physical security is all about awareness – is your device locked? Is it in a spot where it could be stolen? Is it equipped with multi-factor authentication? What other devices could be on your network? Are they secure? While the remote work era offers many advantages (such as flexibility), it’s also inaugurating a new era of cyberthreats. And as the importance of physical security demonstrates, cybersecurity in 2021 and beyond will rely on the judgment and awareness of your employees.
Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!