Connect with us

Hi, what are you looking for?


Mobile & Wireless

Keeping Your Remote Workforce Safe and Secure This Summer

We are in an increasingly mobile-first and distributed world. Remote networks and mobile users are the new reality, and they all require access to business-critical applications, which used to be located safely behind the corporate firewall.

We are in an increasingly mobile-first and distributed world. Remote networks and mobile users are the new reality, and they all require access to business-critical applications, which used to be located safely behind the corporate firewall. Today, users, networks and applications can – and should— exist everywhere, which puts new burdens on security teams to protect them in the same way as the traditional perimeter. With the summer travel season upon us, it is a good time to review cybersecurity best practices when it comes to remote connections to an organization’s core network.

For users and security teams alike, the cardinal rule is that all traffic connecting to the network must have the same security controls and policy applied, regardless of user location. There should be no deviations or exceptions made to accommodate remote users; cybersecurity must be consistent if it’s to be effective.

In the past, organizations supported various remote access strategies to enable remote users, generally backhauling traffic to the corporate network or using multiple point products. These approaches are difficult to manage, costly and inconsistent when it comes to security policy and protection.  In the interest of timeliness or efficiency, employees would often bypass normal security protocols to access network resources, particularly when on vacation and trying to quickly get work done so they can get back to their R&R. An understandable behavior in the heat of the moment, but one that could open the door for attackers to infiltrate the network. 

As we know, the threat landscape continues to evolve, with new techniques and toolkits available for nearly every threat use-case, including the targeting of remote and mobile users.  In an environment where infecting these users is easier, organizations need to adopt security practices that are equally easy to use, an extension of the protections they already deliver, and include a seamless user-experience that does not impede their work.

So, for IT security teams expecting a spike in remote network connections thanks to summer travel, I’d like to offer the following advice.

• If you’re using separate security protection for remote networks, mobile users and your local networks, you must reevaluate your strategy. You’re putting a heavier burden on security and operations staff, increasing cost, and potentially opening seams in your protection that attackers can leverage.

• Consider implementing a cloud-based approach to security for remote networks and users that extends your local policies consistently. The approach should be simple for the user and provide access to all the applications they need to incentivize use.

Advertisement. Scroll to continue reading.

• Personal mobile devices are a prime target for cyberattackers because they are so prevalent and can be less secure than devices issued by an employer. Make sure employees are aware that the loss or theft of a personal device, even if not used for work purposes, can provide personal data that cyberattackers can use to gain improper access to IT assets.

That said, cybersecurity cannot be the sole responsibility of the IT team; users have a role to play as well. In addition to following the cybersecurity processes your security team has put in place for remote users, here are some additional best practices to share with employees who will be travelling this summer.

• Tourists are tempting targets for thieves looking to steal smartphones, laptops and tablets. If your mobile device is stolen or even out of your possession briefly, don’t forget to notify your IT department in addition to your service provider. Many IT departments can remotely wipe sensitive corporate data from a device without effecting personal data.

• Before you travel, make sure to update your mobile devices with the latest security patches and software updates for its operating system and applications.

• Users should install password managers to keep credentials secure on their mobile devices.

• Avoid using public Wi-Fi networks or workstations in Internet cafés or hotel business centers. If you must use public Wi-Fi, be sure to log out of any SaaS applications or web sites you used and clear the browser’s cache before you end your online session. As soon as possible, change your log-in credentials for any SaaS applications or other network assets you accessed while using the public network or workstation. 

Related Reading: Enabling a “Secure Summer Mindset” for Employees

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.