The IT implications of the global movement to remote working
Remote working isn't a new concept. An annual global study showed 16% of global companies were fully remote and 40% were hybrid by September of last year. But COVID-19 has forced a widespread and accelerated adoption of this model, which has major business continuity and security risks for IT departments to consider.
Survey results shared by 8x8 at the beginning of March found that 44% of full-time employees had already seen coronavirus impact the way they do business, with 55% who cancelled travel plans and 40% who increased their use of video conferencing.
This business impact is only being made more apparent as time passes. From an IT perspective, the fundamental reality is that several workers are now connecting work devices to home LANs that do not have the benefits of corporate IT management. The resulting business risks and mitigation tactics are detailed below.
Lacking security measures and how VPN doesn't help
No firewalls, no system upgrades, no monitoring. Homes are at high risk for targeted attacks, as we have already begun to see:
“There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting,” Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration, told The Hill on Friday." [The Hill]
Most homes have inexpensive consumer-grade routers that have not received updates since purchase. For example, millions of cable subscribers are now vulnerable to the Cable Haunt vulnerability in the chipset software of popular modem/router combos.
Furthermore, broadband homes in the U.S. now have on average 12 connected devices (IoT), a greatly expanded attack surface from just a few years ago. These devices are vulnerable. Most connected webcams, speakers, lights, and other appliances do not run malware detection and do not receive updates. This truth was exposed in the 2016 Mirai botnet attack, which made headlines for disrupting Dyn services and thus many well-known internet services.
In the first half of 2019, there were over 2.9 billion global cyberattacks on IoT devices recorded, a 300% increase from the previous year. [F-Secure]
The subsequent risk to the business is wide and deep. Should employees access a corporate system and files with an infected device, they will put sensitive information at risk— even with a VPN in place. VPN will only serve to create an encrypted path for network connection; it will not protect the files that are now accessed by the vulnerable device.
Lacking QoS measures
While remote workers may not know of the security risks, they are acutely aware of their Quality of Service problems:
- Low WiFi signal strength from their desk or kitchen table
- Sudden dropped calls
- Choppy video conferences
- Lagging collaboration systems
- Slow or stifled file downloads
- Buffering webinars and other videos
Beyond the employee's broadband connection plan limitations (speeds and bandwidth caps), there are multiple reasons beyond the edge for these issues— All of which a seasoned IT department would alleviate in the corporate network environment. The most common reasons are explored below.
Dated and inexpensive routers
The majority of broadband homes in the U.S. have managed routers from their ISP, the common lifespan for which is 5+ years. Many of these dated routers do not have:
- Adequate radios for WiFi coverage throughout the home or coverage via mesh networking nodes
- Adequate throughput capabilities to support when multiple devices in the household are streaming or downloading
- Adequate router hardening to prevent attacks, such as packet sniffing, that could degrade performance
Lack of traffic prioritization
Most homes do not have the tools to prioritize traffic. One employee's video conference attempt could be thwarted by a child's video gaming or download activities in the home. Additionally, many popular smart home devices are consistent data hogs, especially in high movement areas such as the front door or living room: 1-2 GB down and 40-50 GB up in a 30 day period (Minim data). This family device contention is extremely hard to pinpoint and alleviate without the proper visibility and toolset.
Lack of WiFi management education
When it comes to proactive WiFi management in the home, there's a real gap in education. Most remote workers do not know the first thing about optimal WiFi channel selection, which can be a real problem for apartment dwellers where channel contention runs high. Furthermore, 82% of Americans have never changed their SSID and password, opening the potential for connectivity to be unwillingly shared.
Mitigating business risk in the remote working era
It's well known that businesses are turning to platforms, such as Microsoft Teams, Slack, Google Drive, Dropbox, Box, and Zoom for communication continuity.
"Online meeting, desktop sharing, and video conferencing software service GoToMeeting told TechRepublic it has seen a 20% spike in usage worldwide since the coronavirus concerns began, with usage in Asia doubling." [TechRepublic]
Now, IT departments must choose a platform for distributed network management.
Minim, a corporate WiFi system for the home
In response to COVID-19, Minim is now offering 4 free months of Minim for Remote Workers, a WiFi system that helps both employers and their employees to deploy an in-home corporate network for quality, security, and support. According to one of our customers
"Forcivity’s national customer base depends on our staff to help them optimize vital sales and support operations... With tools like Minim, we’re able to ensure that this shift to working from home doesn’t compromise security or worker productivity.” — Steve Baines, Forcivity CEO
The solution is comprised of a Minim router, mobile app, and web app, enabling the following:
With the Minim mobile app, employees can easily setup a WiFi system and connect their work devices. The app provides education and actions to optimize and secure their Minim network— all presented in a very simple and usable interface for everyday people.
IT personnel can co-manage employee work devices in the web app with tools to monitor, troubleshoot, and manage the employees' Minim networks. Leveraging Minim's proprietary fingerprinting technology, IT personnel will benefit from deep device identification and recommendations— such as moving a device from 2.4 to 5 GHz or changing a radio's WiFi channel. IT personnel may also access real-time security scanning and mitigation reports.
The Minim web app for employers to provide in-home WiFi network support
To download a solution specification and get more information about the 4-month free offer, signup for a Minim for Remote Workers kit here.