Last year, at the outset of the COVID-19 pandemic, small businesses and enterprises alike shifted to remote work. In fact, the 2021 Remote Workforce Security Report found that 75% of companies shifted 75% of their workforce to remote work. When the report was released in early August, the percentage of remote employees dropped to 60%, but it’s clear that remote and hybrid work arrangements are here to stay.
There’s plenty to like about working from home — or a coffee shop, beach, or co-working space — all or some of the time. A shorter commute or no commute at all? Fantastic. Wearing non-business attire while working? Yes, please. But there are trade offs, too, and the biggest one is the potential for cyber attacks. When employees work off the corporate network, outside the company firewall and skip network security, sensitive information is at risk.
OpenVPN customers are among the companies shifting to remote and/or hybrid work arrangements, so here we're sharing some of the key findings from this report. After all, the first step to guarding your organization’s network, sensitive data, and employees from hackers, is staying on top of evolving threats.
Finding #1: Security Workarounds are Widespread
The study, conducted by Cybersecurity Insiders with support from Axiad, found that 52% of U.S. IT and cybersecurity professionals surveyed reported discovering that remote workers had found workarounds to security policies (it’s worth wondering how many of the remaining 48% just haven’t uncovered workaround efforts yet).
When asked who’s responsible for securing remote work, 80% of IT professionals surveyed said they somewhat (54%) to fully (26%) agreed that the burden doesn’t fall to individual employees. At the same time, though, 31% of organizations didn’t expand secure access capacity when bolstering other corporate resources.
Fortunately, OpenVPN customers already have the ability to expand secure access that protects workers using home and public WiFi networks and SaaS applications. Plus, OpenVPN provides your business with all the tools and capabilities necessary for building a strong zero trust network to block or seriously mitigate most attacks.
Finding #2: Employees Focus on Productivity, Not Security
Outside threats are malicious in nature, but the 2021 Remote Workforce Security Report reveals that employees finding workarounds to security measures usually don’t have bad intentions. Some employees bypass security because they want to be as productive as possible. Others do it because they don’t understand how to use the security tools in place. It may not be malicious, but the reality is that human error is the cause of 23% of data breaches.
Security professionals surveyed reported that the cybersecurity policies and protocols employees are most resistant to are Multi-Factor Authentication (MFA) (35%), Mobile Device Management (MDM) (33%), and password managers (26%). Lean network security teams are challenged to engage and train remote workers on how to use security tools on both company issued and personal mobile devices (laptops, smartphones, tablets). Security training to reduce vulnerabilities requires even more effort.
OpenVPN gives your network administrator(s) the ability to enable MFA and MDM without making secure access overly difficult for employees. The OpenVPN Connect Client — compatible with Windows, macOS, Linux, Android, and iOS — instantly connects to any compatible server and supports 2FA and SAML authentication.
Finding #3: Essential Apps Can Be Risky
When employees moved outside the safety of company on-site networks, IT teams struggled with the threats that come with work applications. Cybersecurity professionals surveyed told Cybersecurity Insiders that file sharing apps (65%), email and messaging apps (60%), and websites (40%) concerned them most. Each of these is essential to daily operations, so safeguarding employees who use them is also essential. Social media, with a few exceptions like LinkedIn, isn't essential to most jobs, but finished fourth at 36%.
OpenVPN gives you an important piece of layered security and your workforce the ability to remotely access the important network resources — applications, devices, websites — they need to do their jobs.
Finding #4: Phishing and Malware are the Biggest Threats With Remote Work
Survey respondents told Cybersecurity Insiders that the biggest threats they face with remote workforces are phishing attacks (71%) and malware (61%). Concerns about phishing and malware aren’t unfounded: 66% of respondents reported an increase in phishing attempts since the move to remote work, and 30% reported an increase of malware infected devices.
Here’s the good news: both phishing and malware attacks can be curtailed, efficiently and effectively, with OpenVPN Cloud Cyber Shield content filters.
Content filtering is especially helpful in guarding against phishing and malware attacks that use Domain Name System (DNS) hijacking. Enterprise-grade VPNs can help to reliably prevent phishing and phishing attempts by giving administrators the ability to protect routers and DNS servers, and block access to known phishing — also known as fake or spoof — sites. The encrypted tunnel created by OpenVPN protects information, bypassing your router settings and performing a DNS request via the VPN’s DNS resolvers.
Finding #5: IT Teams Struggle With Equipment, Bandwidth, and Logistics
When the pandemic hit and companies implemented remote working, without warning, IT teams went into overdrive. Ensuring off-site employees had the network access they needed to do their jobs, and the necessary security, was a challenge.
When asked about the biggest impediments to scaling security for remote workforces, organizations named remote work equipment (40%), bandwidth restrictions (39%), and logistics of installing agents on personal devices (27%) as the key barriers. Bandwidth issues emphasize that remote work is significantly impacting productivity. As a result, IT’s bandwidth is more focused on assisting users than on strategic projects.
Your OpenVPN subscription makes remote installation easy. Users can download OpenVPN Connect from OpenVPN.net, Google Play, or Apple’s App Store then easily import the configuration profile using a URL and authenticating with user credentials
Finding #6: Companies are Accelerating Migration to Cloud Platform Solutions
Even before COVID-19, more companies were moving to the cloud. As remote work became the norm for the foreseeable future the shuffle towards cloud turned into a sprint: 54% of respondents reported accelerating the move to cloud-based apps. They didn’t, however, transition security to a cloud platform even though it allows organizations to truly safeguard their assets in a dynamic, cost-effective, and scalable way.
Roughly half (45%) of organizations are also shifting from mix-and-match security solutions to single platform offerings.
OpenVPN customers are ahead of the curve when it comes to cloud. OpenVPN Cloud is a next-gen, cloud-based platform that leverages a shared resources model, vertical integration of technology, and a focus on delivering dynamic access control. This allows you to drive down costs, secure your business at scale, and provide a seamless experience for your team — no matter the size. Plus, you can say good-bye to dealing with clunky, rigid, expensive network architecture.
You Have the Foundation
Even the most security conscious companies were forced to re-examine their security measures due to the COVID-19 pandemic. Timelines for cloud migration and zero trust enforcement accelerated. The threat of COVID-19 will diminish, but cyberthreats will continue to exist and evolve. That means security practices and cybersecurity training that mitigate cyberthreats must evolve, too.
The days of using virtual private networks (VPNs) as purely remote access are gone, and SASE, ZTN and SDNs aren’t replacements for VPNs; they’re fueled by them. OpenVPN allows you to safeguard your resources in a controlled, adaptive, and scalable manner, while complementing and extending the value of your current network strategy. To tap into the full potential of OpenVPN, and protect your organization, contact us via our Support Portal or check out the resources available in the OpenVPN Community.