The Cybersecurity Implications of Working From Home Explained
In the wake of COVID-19, working from home has shifted from simply a perk of certain professions or an exception given for sick days, to practically becoming a matter of public safety. One thing is abundantly clear: we need a next-generation solution that protects businesses from the potential security risk of their home-ridden employees’ personal computers, while allowing for both transparency, providing threat alerts and notifications, as well as the ability for the employees to maintain their privacy while in their own home. With this ever-growing demand for employees who work from home, IT and Cybersecurity managers everywhere are faced with a serious problem: employees who work from home happen to be quite difficult to secure outside of their protected office network, and are much more vulnerable to cyber-attacks. Dozens of remote work solutions are popping up now that allow employees to connect to the organization’s network. For an employee who uses his or her personal computer for work, the most common way to connect the office network is with a VPN and/or remote desktop connection. While many people use VPNs, because of how common they are, many hackers know how to breach them and infiltrate the network. A much safer approach involves setting up a secure, ad-hoc, individual tunnel between each personal computer and a computer at the office, ensuring that only the approved employee can connect to the network. A main difference between VPN and an ad-hoc connection is that an ad-hoc doesn't connect the home computer to the network, it only allows the remote control of one computer in the target network for the duration of the work, and each connection is unique, as opposed to a VPN that connects the home computer directly to the network and always using the same address. To most people, these efforts sounds like enough of a solution, and indeed both the VPN or the individual tunnels to each computer are difficult to hack. However, VPN's and secure lines to the company doesn't address the real problem at all; the employee's home computer can still be breached. The attackers, instead of attacking the company network, go for the employees' computers at home. While the connection between the employee and the company is secure, the employee’s computer isn’t, making it the golden ticket for a hacker to the organizational network. For example, a malicious email, if sent to an employee within the organization, will indeed be blocked by the IT department’s security system, but if that same email is sent to his computer at home, it will not be blocked. Furthermore, websites with malicious pop-ups, spyware, remote controls, and ads hiding malicious code that steals passwords or use of computer resource will all not be blocked on the home-ridden employee’s computer. What people need to realize, is that for a secure work-from-home system to exist, it has to spread all the way to the employee's personal computer. The home computer must be protected on its own. Simply installing an antivirus program on your personal computer isn't enough; antivirus programs only block 15% of all cyber attacks.
One of the few solutions available is provided by an Israeli company called Cyber 2.0. Using a combination of a smart White List coupled with effective Chaos-based port scrambling communication, Cyber 2.0's agent only allows authorized programs to create lateral movement inside the organizational network, eliminating the need for communication with any outside server, securing your network using an extremely sensitive algorithm based on mathematical Chaos Theory with constantly changing variables that prevent any kind of spread of malicious programs.