Remote work has introduced a myriad of benefits, from increased productivity, time saved during commuting, and better work-life balance. Today’s world requires us to be connected everywhere. As a result, remote working has paved the way for cyber criminals to target a new wave of home workers, with 20% of organisations experiencing a breach because of a remote worker.
More security challenges are to be expected, with hackers exploiting vulnerabilities in the infrastructure that enables remote work. Furthermore, organisations with a remote workforce take, on average, 58 days longer to identify and contain the breach compared to office-based organisations. This amount of time can lead to significantly increased damage to businesses, so must be a focus for all remote-first companies.
Attackers are coming down on home workers lacking the protection their organisations have built up over the years. As a result, remote working has become a new gateway for attacks, meaning that remote working teams will continue to be a target for cyber criminals. Organisations should focus efforts on managing risks for those working from home and tackle remote working safety.
Cyber Security Risks of Remote Working
With distributed workforces working remotely, businesses and members of staff must be aware of the cyber security risks of working from home, and take appropriate security measures.
Use of Personal Devices
With remote employees using work equipment from home, a staggering 70% of organisations allow (or have previously allowed) access to corporate assets from personal laptops and mobile devices. As soon as employees start using their personal devices, oversight ends.
Workers across the globe have taken to using personal devices, regardless of whether their home routers, laptops and smartphones were properly updated and adequately secured. In addition, one in three (29% of) employees admit to taking data with them after leaving a company.
Storing internal company data clearly demonstrates how crucial it is for businesses to take action in preventing the loss of corporate data, intellectual property, and tackle the risk of corporate fraud.
Unsecure Internet Connections
Where employees work where they choose, there is a much higher risk of accessing unsecured internet connections that can be intercepted by attackers, whether that be public internet connection or a home Wi-Fi connection.
Public and at-home internet connections are rarely secured with the latest encryption and authentication methods. Employees may be sharing sensitive company data over unsecured channels, without realising the threats involved.
Software updates contain new features, performance improvements, bug fixes and vital security patches that prevent vulnerabilities from being exploited. If employees are using outdated software versions, which is more likely in remote working scenarios, they will be more vulnerable to attacks.
Delaying software updates can leave remote employees open to malware and vulnerabilities. A simple step to limit remote working cyber security risks is to make sure employees are regularly updating software.
One of the most common cyber security risks of working from home is human error. Reduced oversight of employees has resulted in cyber security teams losing sight of what’s happening on home and public networks. Even if your company has taken the time to educate staff on cyber security work from home threats, a busy work schedule can lead to security measures falling down on the priority list. Without close supervision, employees are less likely to take security protocols seriously, with human error to be expected.
Employees play an essential role in maintaining the company’s cyber security, despite 58% of employees ignoring cyber security guidelines and only 26% of companies using multi-factor authentication to secure their accounts. In addition, with only 20% of organisations failing to implement methods to protect remote users who are browsing the internet, the risks of remote working becomes dangerously high.
Use of Remote Working Tools
Remote working has led to an increased reliance on third-party communicative technology and online tools, such as Teams, Zoom, Google Hangouts, and Asana, to name just a few. The use of third-party tools has opened up more avenues for cyber criminals to infiltrate remote workers with malicious intent.
Cyber criminals can use third-party tools to disrupt online conferences and obtain confidential commercial data to use to their advantage.
Attacks are becoming increasingly more sophisticated in the shift to remote work environments. Phishing continues to be a persistent threat, with the heightened risk of remote workers relying on emails and clicking something they shouldn't. The risk is heightened remotely since workers have a greater dependence on email and become less suspicious of a well-engineered phishing email attack disguised as a legitimate business request.
Keeping Remote Workers Safe
Remote adaptations are necessary to cyber strategy and building a cyber culture. If remote employee’s equipment is not secured properly, they can provide entry points for malicious threats, highlighting the necessity of ensuring cyber security for remote workers. There are various ways that employees and organisations can reduce risks associated with working from home and remain safe in a remote working environment:
Creating Equipment Policies
Where at all possible, remote machines should strictly be used for professional use, with personal devices kept separate from work. Restrictions should also be placed on how professional devices are used, for example, the prohibited use of social media, and introducing use of work equipment regulations.
Remote workers should also keep family members away from work devices, with company property exposed to those outside of the organisation. It’s vital to remind staff to keep devices safe and not allow other household members to access their work computers, mobiles, and other forms of hardware. Devices should be password protected to prevent third parties from gaining access.
Virtual Private Networks
Remote workers should be using safe, trusted networks to protect their work and corporate data. Virtual private networks (VPN) use an encryption tunnel to protect the connection and keep information safe.
As home Wi-Fi networks are more vulnerable to attacks, those working remotely should be encouraged to always use a VPN, which will bring firewall protection and align with the company security policy.
Passwords and Two-Factor Authentication
Alongside strong, unique passwords that are regularly updated, multi-factor authentication (MFA or 2FA) is critical for remote employees. Multi-factor authentication adds additional layers of security by requiring the user to validate that they are, in fact, who they say they are. This can include one-time codes, access via a dedicated app on a mobile device, or even biometrics. MFA should be enabled wherever possible.
Updating passwords should include not only on devices and accounts, but also changing router passwords to reduce the threat of hackers accessing wireless home networks.
Though it may seem straightforward to deploy anti-malware software on business devices, many remote businesses fail to equip employees with basic protection. One of the most effective methods of protection is to invest in a comprehensive antivirus suite.
Ensure that all remote workers have sufficient and up-to-date antivirus software, anti-malware and firewalls installed on all devices. This software will run discreetly in the background, so employees won’t even notice the hard work it’s doing.
A basic requirement for remote workers should be to ensure that all hardware and software are both configured correctly and have the latest patches and updates from the manufacturer. This should include keeping router software up to date.
Rather than delaying updates, remote employees should periodically check for updates and install them when available. Patches and software updates often address potential security concerns.
Managing Remote Teams
Even while employees are working remotely, having an understanding of how to protect themselves and the company is crucial, as well as establishing security for remote employees. Adopting security measures for remote working helps to amp up business defences, while keeping remote employees safe and protected.
Our cyber training for remote employees upskills and arms teams with knowledge of tools and practices to mitigate cyber attacks, and can be a pillar to building cyber culture, alongside introductory training modules teaching users how the web works, common threats, and what to look out for.
Strengthen your cyber security standing today by training and upskilling remote teams.