With summer waning, kids back in school, and year-end quotas looming, we’re coming up to the busiest business travel season of the year. From September through November, business travelers log more trips than any other period. Most organizations take pains to keep their road warriors comfortable and protected from travel hazards, but what about the many lurking cyber risks? Away from the corporate network and its security safeguards the attack surface for your mobile employees is greatly increased and your ability to remediate threats often delayed or nonexistent.
Insecure WiFi connections are one of the top security risks for employees on the go. In a study on mobile workforce security, 81% of organizations reported they had seen WiFi-related security incidents in the last year, with 62% of these occurring in cafés and coffee shops. Man-in-the-middle attacks, network spoofing and packet sniffing of unencrypted traffic are the most common. While many WiFi attacks are crimes of opportunity and pose more danger to employee personal data than to your business, they still can put your organization at risk. Confidential information can be compromised if sent over public WiFi, access credentials stolen, and even malware introduced.
Un-updated Security Tools and Applications
Most endpoint security tools need to be updated in order to protect against the latest identified threats. If employees are not connected to the organizational security stack, they don’t have access to the latest reputation engines, heuristics and patterns used to detect threats, rendering their security tools much less effective. For some security solutions, cloud connectivity is required not just for updates, but to have access to its full range of protection capabilities. So, for example, if your traveler downloads their emails and opens them later offline, they could be compromised by malicious attachments.
For employees constantly on the move, it’s also more difficult for IT departments to enforce patching policies. When your business travelers do plug-in, they want to get work done, not waste time updating their software. This means that those same employees with out-of-date security protections may be running applications and operating systems with unpatched vulnerabilities, significantly compounding the risk to your organization.
These Security Concerns Affect All Your Mobile Workforce
While we have been specifically talking about your employees that travel, if your organization is like most, they do not comprise all, or even a majority of, your mobile workforce. Long commutes and regional personnel shortages, combined with advances in remote collaboration technologies, mean that mobile workers are becoming the norm. It is estimated that 70% of the global workforce works remotely at least once a week and 53% at least half of the week. By 2023, the global mobile workforce is expected to hit 1.88 billion.
Third-Party Software Risks
It’s always challenging to balance security with the need to reduce friction and enable productivity. This becomes even more difficult with remote employees. Collaboration tools like Asana and Slack keep virtual teams working together, but also open up new avenues of attack. Recently researchers discovered a Slack vulnerability which allows remote file hijacking and malware injection. Tools such as video conferencing software can also be used for malicious purposes – last month a security flaw in Zoom was disclosed that lets websites hijack cameras on Mac systems, even if the app had been uninstalled.
Morphisec Secures Your Mobile Workforce
Morphisec Unified Threat Prevention protects your road warriors and the rest of your mobile workforce from the cyberthreats that pose the most danger to your organization. Patented Moving Target Defense technology prevents threats deterministically and autonomously – it does not need to be connected to a server or cloud application to provide full protection against the latest threats. Morphisec requires no updates, so there is no waiting or performance hit when your remote employees do reconnect. And since Morphisec prevents the attack at its earliest stage, no remediation is required. There’s no need for your IT team to access a remote machine or shut down connectivity to a business user.