As organizations rush key apps to the cloud to support remote workers, they often create opportunities for attackers. These are the most common mistakes to avoid.
With the pandemic, many businesses have moved to more cloud-based applications out of necessity because more of us are working remotely. In a survey by Menlo Security of 200 IT managers, 40% of respondents said they are facing increasing threats from cloud applications and internet of things (IoT) attacks because of this trend.
There are good and bad ways to make this migration to the cloud. Many of the pitfalls aren’t exactly new. At one 2019 Gartner meeting, for example, two IT managers stated that their Office 365 deployments were stalled because of the need to upgrade legacy equipment. Now, the way we use—and share—our home computers has changed. Our PCs are no longer personal. That same computer may support your child’s virtual schoolhouse and your spouse’s applications, too. A survey this summer from CyberArk found more than half of the respondents save their passwords in their corporate PC’s browsers. That doesn’t bode well for any security policy, to be sure.
Here are the top seven mistakes that negatively affect security and some tips on how to avoid them.
1. Using VPN for remote access
With so many remote workers, a VPN might not be the best answer for remote access. Look at what happened in December 2020 with the FireEye hack. A compromised VPN account apparently was the hacker’s entry point for stealing the company’s tools. In the past, VPNs were the go-to way to secure remote workers. It is far better to replace VPNs with zero-trust networks, where identity is the control plane and provides the access context. Also, make sure you have infosec policies for home-based work that have been written since the pandemic began and that take these situations (such as the multi-user home PC) into account.