{"id":57332,"date":"2023-03-28T08:01:00","date_gmt":"2023-03-28T11:01:00","guid":{"rendered":"https:\/\/dev.abes.com.br\/?p=57332"},"modified":"2023-02-12T20:09:20","modified_gmt":"2023-02-12T23:09:20","slug":"preenchendo-as-brechas-de-seguranca-no-home-office-e-em-configuracoes-hibridas-de-trabalho","status":"publish","type":"post","link":"https:\/\/dev.abes.com.br\/en\/preenchendo-as-brechas-de-seguranca-no-home-office-e-em-configuracoes-hibridas-de-trabalho\/","title":{"rendered":"Closing the security gaps in home office and hybrid work settings"},"content":{"rendered":"

\"\"*Cesar Candido<\/em><\/p>\n

With the pandemic almost under control, organizations around the world have already returned to the office and many have permanently adopted hybrid work, which includes several days of home office. While each arrangement carries its set of pros and cons, from a cybersecurity perspective there are some challenges that need to be addressed to cover all security gaps.<\/p>\n

This hybrid arrangement of work blurs the divide between corporate and home networks, while expanding the attack surface in both environments. So, how to deal with these security breaches?
\nFirst, we must examine the data to see which threats thrived during the transition period. In 2021, most organizations have settled into remote settings. In our annual summary for that year, we noted that there was a 382% increase in malicious files blocked. Cybercriminals also seem to have doubled down on scams.\u00a0phishing<\/em>\u00a0during the period.<\/p>\n

Based on data from Trend Micro\u2122 Cloud App Security, the\u00a0phishing<\/em>\u00a0had an absurd growth of 596%. In the age when the workplace has largely shifted from offices to homes, malicious actors have taken full advantage of email to spread malware as it is a low-effort, high-impact attack vector.<\/u><\/u><\/p>\n

\"\"<\/p>\n

And the home network? Data from the \u201cSmart Home Network\u201d solution showed an increase in potential malicious activity on home networks from 2019 to 2020. The number of threats blocked indicates that home devices, particularly routers, were frequent targets during the period. While this was to be expected, as most employees who stayed at home relied on devices to stay connected and continue their activities, the growth in attacks more than doubled, causing immense concern for the information security industry.<\/p>\n

\"\"<\/p>\n

 <\/p>\n

For hybrid working to work, employees need access to company files from their remote locations. However, moving files can increase the likelihood of a data breach or the introduction of malicious files into a company's network. According to research conducted by OpenText - a Canadian company that develops and sells software for managing business information - 56% of US employees use personal file sharing tools in their day-to-day work.<\/u><\/u><\/p>\n

Among the respondents, 76% admitted that they feel stressed by the flood of Home Office context information, while 26% stated that they use 11 or more accounts, features, tools and apps, every day \u2013 an overwhelming estimate, to say the least. Minimum.<\/u><\/u><\/p>\n

Organizations must provide their employees with secure ways to transfer large files and access data hosting services. They should also educate employees on what types of files are safe to share and the correct permissions to apply when sharing files.<\/p>\n

Virtual Private Networks (VPNs) allowed users to connect to secure networks while working from home. Unfortunately, unsecured vulnerabilities in VPNs have also been exploited in attacks. One of the most used vulnerabilities was CVE-2018-13379. To date, it is the most exploited vulnerability in VPN products, although a patch for it has been available since May 2019. Other vulnerabilities that have seen many exploits include CVE-2019-11510 and CVE-2019-19781.<\/p>\n

Enterprises and users alike must be aware of these threats, as hybrid configurations make it easier for them to traverse both home and office networks. As Home Office and hybrid work test the idea of cybersecurity as a shared responsibility, employees and organizations must do everything in their power to prevent threats and bridge the security gap between home and office networks.
\nBelow are some tips for employees:<\/p>\n