How Working from Home During Coronavirus is Opening Fresh Vectors for Compromise

Work From Home Contagion image
13 March 2020

VPNs alone won’t protect workers from unsecured work environments.

“Wash your hands. Don’t scratch your nose. Try to avoid public spaces.”

In the weeks leading up to COVID-19’s ascendance to a pandemic, we’ve all become more aware of our touch points as we go about our daily lives trying to avoid infection. If businesses practiced this level of vigilance for their network touch points, and their daily exposure to infected surfaces, threat actors would have a much smaller playground in which to operate.

When businesses agree on connecting with each other, often it’s the expectation of security more than active vigilance that precedes the handshake. Robust global organizations surely have solid practices in place that protect them from active cyber infections. So why would they need to slather themselves in the cyber security equivalent of antibacterial gel before they shake hands?

If this sounds crazy—it is. And yet it is exactly what happens, even to worldwide organizations. The truth of the matter is, most large businesses only think they know their true infection touch points. They’re looking at the network perimeter they control themselves—not the expanded third-party perimeter that they in fact operate in.

Coping with a Remote Worker Explosion

This arrangement is a powder keg set to explode in the weeks to come. In response to COVID-19, businesses across the world are sending workers home.  The expectation is that day-to-day business can continue as long as they are equipped with VPNs to enable their work-from-home employees with an encrypted connection between their home and work environment.

But this new work paradigm means that sensitive information is now bouncing between secured and unsecured environments. While it is true that VPNs are effective at protecting data that is in transit, that protection is useless after the data lands in an unprotected device like a personal laptop.

Trusting a VPN to keep your data safe is like trusting a syringe won’t get you infected. What exactly is floating in that solution that’s being pushed  into your bloodstream—or in this case, your organization’s network? 

The vigilance required for the security teams, or managed security service providers (MSSP) to monitor an exponential uptick in the usage of VPNs is simply unrealistic. The mass-quarantine scenario that COVID-19 has introduced to the world’s businesses wasn’t in the staffing budgets of most organizations. Those security teams are likely stretched thin just to keep tabs on the new remote workers.

Throwing this threat into sharp relief is the inevitable business leadership personality who grows frustrated over the security hoops in place to keep remote data secure. “It’s hampering our day-to-day ops,” they’ll say. It’s not an unreasonable observation. What’s unreasonable is to act on that emotion, and strip out those securities in an effort to return business transactions to “normal.” 

How Prevailion Can Help

Prevailion gives businesses a powerful tool to simplify this scenario. We have a unique dataset that shows our users context on historical and active cyber compromises, including home IP addresses. Businesses can fold every IP in their perimeter through Prevailion to see if it is compromised by cyber infection. We can provide visibility on the active contagion in remote workers’ connections to businesses across the world. 

Anyone can set up Prevailion for free in minutes. Claim your free account to begin your experience, and get instant visibility on evidence of compromise in your organization today.

The Latest

Prevailion CEO, Karim Hijazi – Cheddar News- FCC commissioner calls on Apple and Google to ban TikTok app

A member of the FCC renewed urgency calls on Apple and Google to remove TikTok from their app stores, raising concerns that TikTok’s Chinese-based parent company is collecting user data that is being accessed in China.

IRONSCALES Cyber Security Heroes: The New Cyber Era Post Ukraine Invasion

What Wicked Webs We Un-weave

What Wicked Webs We Un-weave: Wizard Spider once again proving it isn’t you, it isn’t me; we search for things that you can’t see Authored by: Matt Stafford and Sherman Smith Executive summary: In late January 2022, Prevailion’s Adversarial Counterintelligence Team (PACT) identified extensive phishing activity designed to harvest credentials for Naver. Naver is a […]

Copyright 2023 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.