Enhancing Cybersecurity for Remote Work: Identifying the Gaps and Design Considerations for A Robust Security Tool
Article Sidebar
Main Article Content
Abstract
Traditional office-based security systems cannot cope with the increased cybersecurity threats that have resulted from the change to remote work. The paper discusses the most prevalent security vulnerabilities in remote working, focusing on data security and protection. This by its nature exposes businesses to risks through vulnerable home networks, personal devices from different setups, and behavior from other users, including advanced persistent attacks, access without authorization, and data breaches. The research highlights the weaknesses of the existing security procedures being put in place such as the detection and prevention capabilities, plans for endpoint security, and data protection processes. The recommendations will highlight the need for an all-inclusive tool in the remote working environment. This solution brings together strong user access control, real-time threat detection and response mechanisms, along with advanced cryptography approaches. The proposed approach is also a user-centered design that can be easily adapted to different technical contexts and organizational structures. The study is based on a multilayered methodology that includes case studies of previous cybersecurity issues associated with remote working, literature-based analysis of the security framework, and iterative design techniques. Important conclusions emphasize the need for adaptable security solutions that can adapt to not only the current threats but also to the mounting demands of preventing new threats in the context of remote work. The improvement that this study brings into the information security and protection domains through practical suggestions and an applied strategy for organizational resilience provides a basis to maintain confidentiality and improve endpoint security for a more secure and long-lasting environment for the remote worker.
Downloads
Article Details
Section
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
How to Cite
References
Pratap Singh Solanki, Ajay Singh, Shaneel Sao, N.D. Atkekar "Protection of Research Data and Devices from Malware Attacks Using Endpoint Security System in Network." International Journal of Scientific Research in Network Security and Communication 12.3 (2024): 15-18., DOI: https://doi.org/10.26438/ijsrnsc
S. Mandadi, S. P. Gochhayat, V. Torremocha, and J. Kethar, “Cybersecurity risks in remote work and learning environments and methods of combating them,” J. Student Res., vol. 13, no. 2, 2024, DOI: https://doi.org/10.47611/jsrhs.v13i2.6808
O. S. Ogungbemi, F. A. Ezeugwa, O. O. Olaniyi, O. I. Akinola, and O. B. Oladoyinbo, “Overcoming remote workforce cyber threats: A comprehensive ransomware and botnet defense strategy utilizing VPN networks,” J. Eng. Res. Rep., vol. 26, no. 8, 2024., DOI: https://doi.org/10.9734/jerr/2024/v26i81237.
Alromaih, Sarah, Ivan Flechais, and George Chalhoub. "Beyond the Office Walls: Understanding Security and Shadow Security Behaviours in a Remote Work Context." In Twentieth Symposium on Usable Privacy and Security (SOUPS 2024), pp. 507-525. 2024., DOI: https://www.usenix.org/system/files/soups2024-alromaih.pdf.
H. Kim, Y. Kim, and S. Kim, “A study on the security requirements analysis to build a zero trust-based remote work environment,” 2024, DOI: https://doi.org/10.48550/arXiv.2401.03675.
Gannon, D., Bramley, R., Fox, G. et al. Programming the Grid: Distributed Software Components, P2P, and Grid Web Services for Scientific Applications. Cluster Computing 5, 325–336 (2002). DOI: https://doi.org/10.1023/A:1015633507128.
C. Kılıç, İ. B. Uzun, A. T. Ardoğan, W. Saleem, and A. Sezen, “Security Issues of Remote Work Environments and Alternative Solution Approaches”, IJMSIT, vol. 8, no. 1, pp. 46–51, 2024., https://dergipark.org.tr/en/pub/ijmsit/issue/85925/1509706.
Olawale, Olufunke, Funmilayo Aribidesi Ajayi, Chioma Ann Udeh, and Opeyemi Abayomi Odejide. "Risk management and HR practices in supply chains: Preparing for the Future." Magna Scientia Advanced Research and Reviews 10, no. 02 (2024): 238-255., DOI: https://doi.org/10.30574/msarr.2024.10.2.0065.
N. A. Rakha, "Ensuring cyber-security in the remote workforce: Legal implications and international best practices," Int. J. Law Policy, vol. 1, no. 3, 2023., DOI: https://doi.org/10.59022/ijlp.43
A. K. Anil, S. A. I. Parambil, and T. N. Santhosh, “Ensuring robust security in remote work environments: Addressing challenges and implementing strategic solutions,” ResearchGate, 2023, DOI:10.13140/RG.2.2.13692.51847.
Singh, Chetanpal, Rahul Thakkar, and Jatinder Warraich. "IAM identity Access Management—importance in maintaining security systems within organizations." European Journal of Engineering and Technology Research 8, no. 4 (2023): 30-38, DOI: https://doi.org/10.24018/ejeng.2023.8.4.3074.
P. Andras et al., "Trusting Intelligent Machines: Deepening Trust Within Socio-Technical Systems," in IEEE Technology and Society Magazine, vol. 37, no. 4, pp. 76-83, Dec. 2018., DOI: https://doi.org/10.1109/MTS.2018.2876107.
M. Hijji and G. Alam, “Cybersecurity awareness and training (CAT) framework for remote working employees,” Multidiscip. Digit. Publ. Inst., 2022., DOI: https://doi.org/10.3390/s22228663.
Pósa, Tibor, and Jens Grossklags. 2022. "Work Experience as a Factor in Cyber-Security Risk Awareness: A Survey Study with University Students" Journal of Cybersecurity and Privacy 2, no. 3: 490-515. DOI: https://doi.org/10.3390/jcp2030025.
Badis Hammi, Sherali Zeadally, Rida Khatoun, Jamel Nebhen, “Survey on smart homes: Vulnerabilities, risks, and countermeasures”, Computers & Security, Volume 117, 2022, 102677, ISSN 0167-4048, DOI: https://doi.org/10.1016/j.cose.2022.102677.
Lars Brenna, Isak Sunde Singh, Håvard Dagenborg Johansen, Dag Johansen, “TFHE-rs: A library for safe and secure remote computing using fully homomorphic encryption and trusted execution environments”, Array, Volume 13, 2022, 100118, ISSN 2590-0056, DOI: https://doi.org/10.1016/j.array.2021.100118.
Sidor-Rządkowska, Małgorzata. "Human-the weakest or the strongest link? The role of organizational culture in ensuring security of remote work." Journal of Modern Science 49, no. 2 (2022): 608-620., DOI: https://doi.org/10.13166/jms/156776.
Bispham, Mary and Creese, Sadie and Dutton, William H. and Esteve-González, Patricia and Goldsmith, Michael, “Cybersecurity in Working from Home: An Exploratory Study”, TPRC49: The 49th Research Conference on Communication, Information and Internet Policy, August 1, 2021, DOI: http://dx.doi.org/10.2139/ssrn.3897380.
Enrico Battisti, Simona Alfiero, Erasmia Leonidou, “Remote working and digital transformation during the COVID-19 pandemic: Economic–financial impacts and psychological drivers for employees”, Journal of Business Research, Volume 150, 2022, Pages 38-50, ISSN 0148-2963, DOI: https://doi.org/10.1016/j.jbusres.2022.06.010.
Wu, Qingman and Yoon, Kyunghee and No, Won Gyun, “The Effect of Remote Workforce on Firms‘ Cybersecurity Risk Disclosures and Incidents” July 15, 2022, SSRN, DOI: http://dx.doi.org/10.2139/ssrn.4342761.
Georgiadou, A., Mouzakitis, S. & Askounis, D. “Working from home during COVID-19 crisis: a cyber security culture assessment survey”, Secur J 35, 486–505 (2022). DOI: https://doi.org/10.1057/s41284-021-00286-2.
Ilag, Balu N. "Tools and technology for effective remote work." International Journal of Computer Applications 174, no. 21 (2021): 13-16., DOI: https://doi.org/10.5120/ijca2021921109.
Grimm, R., Bershad, B.N. (1999). “Providing Policy-Neutral and Transparent Access Control in Extensible Systems”. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. DOI: https://doi.org/10.1007/3-540-48749-2_15.
L. Bodsberg, T. O. Grøtan, M. G. Jaatun and I. Wærø, "HSE and Cyber Security in Remote Work," 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), Dublin, Ireland, 2021, pp. 1-8, DOI: https://doi.org/10.1109/CyberSA52016.2021.9478249.
Li, Ying and Siponen, Mikko, "A Call For Research On Home Users’ Information Security Behaviour" (2011). PACIS 2011 Proceedings. 112. https://aisel.aisnet.org/pacis2011/112.
S. M. Roşu and G. Dra̅goi, "Virtual enterprise network general architecture," 2010 8th International Conference on Communications, Bucharest, Romania, 2010, pp. 313-316, DOI: https://doi.org/10.1109/ICCOMM.2010.5509052.
Pohl, F., Schotten, H.D. (2017). “Secure and Scalable Remote Access Tunnels for the IIoT: An Assessment of openVPN and IPsec Performance.” In: De Paoli, F., Schulte, S., Broch Johnsen, E. (eds) Service-Oriented and Cloud Computing. ESOCC 2017. Lecture Notes in Computer Science(), vol 10465. Springer, Cham. DOI: https://doi.org/10.1007/978-3-319-67262-5_7.
Jason Sabin, “The future of security in a remote-work environment”, Network Security, Elsevier, Volume 2021, Issue 10, 2021, Pages 15-17, ISSN 1353-4858, DOI: https://doi.org/10.1016/S1353-4858(21)00118-5.
L. Atstāja, D. Rūtītis, S. Deruma, and E. Aksjončenko, “Cyber Security Risks and Challenges in Remote Work under the Covid-19 Pandemic”, European Proceedings of Social and Behavioural Sciences EpSBS, 2021, e-ISSN: 2357-1330, DOI: https://doi.org/10.15405/epsbs.2021.12.04.2.
F. Malecki, “Overcoming the security risks of remote working”, Computer Fraud & Security, Vol. 2020, No. 7, 2021, DOI: https://doi.org/10.1016/S1361-3723(20)30074-9.
T. I. Buldakova and A. V. Sokolova, "Structuring Information about the State of the Cyber-Physical System Operator," 2020 V International Conference on Information Technologies in Engineering Education ( Inforino ), Moscow, Russia, 2020, pp. 1-5, DOI: https://doi.org/10.1109/Inforino48376.2020.9111654.
Johnston, Allen C.; Wech, Barbara; Jack, Eric; and Beavers, Micah, "Reigning in the Remote Employee: Applying Social Learning Theory to Explain Information Security Policy Compliance Attitudes" (2010). AMCIS 2010 Proceedings. 493. https://aisel.aisnet.org/amcis2010/493.
Robles-Gómez, Antonio, Llanos Tobarra, Rafael Pastor-Vargas, Roberto Hernández, and Jesús Cano. 2020. "Emulating and Evaluating Virtual Remote Laboratories for Cybersecurity" Sensors 20, no. 11: 3011. DOI: https://doi.org/10.3390/s20113011.
Chalhoub, George, and Andrew Martin. "But is it exploitable? Exploring how router vendors manage and patch security vulnerabilities in consumer-grade routers." In Proceedings of the 2023 European Symposium on Usable Security, pp. 277-295. 2023., DOI: https://doi.org/10.1145/3617072.3617110.
K. Goldman, R. Perez, and R. Sailer, “Linking remote attestation to secure tunnel endpoints,” IBM Research Report, RC23982 (W0606-099), 2020., DOI: https://doi.org/10.1145/1179474.117948.
A. Škiljić, “Cybersecurity and remote working: Croatia's (non-)response to increased cyber threats,” Int. Cybersecurity Law Rev., vol. 1, 2020., DOI: https://doi.org/10.1365/s43439-020-00014-3.
S. Talib, N. L. Clarke, and S. M. Furnell, “An analysis of information security awareness within home and work environments,” in Proc. Int. Conf. Availability, Reliability Security (ARES), 2020., DOI: https://doi.org/10.1109/ARES.2010.27.
Chitnis, Sudhir, Neha Deshpande, and Arvind Shaligram. "An investigative study for smart home security: Issues, challenges and countermeasures." Wireless Sensor Network 8, no. 4 (2016): 61-68. DOI: https://doi.org/10.4236/wsn.2016.84006.
Singh, Manmeet Mahinderjit, Chen Wai Chan, and Zakiah Zulkefli. "Security and privacy risks awareness for bring your own device (BYOD) paradigm." International Journal of Advanced Computer Science and Applications 8, no. 2 (2017)., DOI: https://doi.org/10.14569/IJACSA.2017.080208.
F. C. Aguboshim and J. I. Udobi, "Security issues with mobile IT: A narrative review of bring your device (BYOD)," J. Inform. Eng. Appl., vol. 9, no. 1, 2019. https://core.ac.uk/download/pdf/234677445.pdf.
Singh, Manmeet Mahinderjit, Soh Sin Siang, Oh Ying San, Nurul Hashimah, Ahamed Hassain Malim, and Azizul Rahman Mohd Shariff. "Security attacks taxonomy on bring your own devices (BYOD) model." International Journal of Mobile Network Communications & Telematics (IJMNCT) Vol 4 (2014): 1-17. https://eprints.usm.my/47317/1/SECURITY_ATTACKS_TAXONOMY_ON_BRING_YOUR.pdf.
I. Forain, R. de Oliveira Albuquerque and R. T. de Sousa Júnior, "Towards System Security: What a Comparison of National Vulnerability Databases Reveals," 2022 17th Iberian Conference on Information Systems and Technologies (CISTI), Madrid, Spain, 2022, pp. 1-6, DOI: https://doi.org/10.23919/CISTI54924.2022.9820232.
Chalhoub, George, Ivan Flechais, Norbert Nthala, Ruba Abu-Salma, and Elie Tom. "Factoring user experience into the security and privacy design of smart home devices: A case study." In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1-9. 2020., DOI: https://doi.org/10.1145/3334480.3382850.
Patrick C. Shih, Kyungsik Han, and John M. Carroll. 2015. Using social multimedia content to inform emergency planning of recurring and cyclical events in local communities. Journal of Homeland Security and Emergency Management, Vol. 12, Issue. 3 (Sep. 2015), pp. 627-652. DOI: https://doi.org/10.1515/jhsem-2014-0071.
Charalampous, Maria, Christine A. Grant, Carlo Tramontano, and Evie Michailidis. "Systematically reviewing remote e-workers’ well-being at work: A multidimensional approach." European journal of work and organizational psychology 28, no. 1 (2019): 51-73., DOI: https://doi.org/10.1080/1359432X.2018.1541886.
M. Nalini, Anvesh Chakram, Digital Risk Management for Data Attacks against State Evaluation. (2019). In International Journal of Innovative Technology and Exploring Engineering (Vol. 8, Issue 9S4, pp. 197–201). DOI: https://doi.org/10.35940/ijitee.i1130.0789s419
Sharma, K., Bhasin, S., & Nalini, P. B. (2019). A Worldwide Analysis of Cyber Security And Cyber Crime using Twitter. In International Journal of Engineering and Advanced Technology (Vol. 8, Issue 6s3, pp. 1051–1056). DOI: https://doi.org/10.35940/ijeat.f1333.0986s319
Yadav, A. K., Garg, D. M. L., & Dr Ritika. (2019). Cryptographic Solutions for Cloud-Based Storage System. In International Journal of Recent Technology and Engineering (IJRTE) (Vol. 8, Issue 2, pp. 2079–2084). DOI: https://doi.org/10.35940/ijrte.b2298.078219