Although working from home has multiple advantages, remote work also carries inherent cybersecurity risks, such as staff using unsecured personal devices, multiple network access points, and a general lack of knowledge about safe online security practices. Businesses must understand and acknowledge these threats by implementing company-wide awareness, providing secure devices or security tools, and maintaining attentive cybersecurity teams.
Cybersecurity and Remote Work Risks
Long before COVID-19 prompted social distancing policies in nations across the globe, the remote work industry was thriving; a 2018 Owl Labs report estimated 52 percent of employees worldwide worked from home at least once per week.
Unfortunately, experts have confirmed that telecommuting can expose vulnerabilities that cybercriminals are eager to exploit. One memorable example is the attempted hack on the World Health Organization (WHO) earlier this year: hackers set up a fake WHO website in an attempt to trick WHO employees into giving up their passwords.
Although that particular escapade was a failure, such incidents reveal the risks of deception and attack when employees are literally left to their own devices, with countless businesses forced into an abrupt switch to remote work without sufficient preparation time.
There are a host of issues that influence a corporation’s vulnerability to cyberattacks through teleworkers, most of which are the result of substandard security practices on the part of individual employees or a lack of established company cybersecurity protocols.
Bring Your Own Device (BYOD) Culture
In an era where the bulk of staff members own a smartphone, laptop, or both, the ability to BYOD is a modern convenience many workers enjoy: checking emails via mobile and bringing a personal laptop into the office are becoming increasingly common.
In the process, potentially sensitive information can be stored on a device that may be poorly secured—South Korean cryptocurrency company Bithumb suffered a catastrophic data breach in 2017 when an employee’s home computer was hacked.
Corporate IT departments cannot control how workers handle their personal devices outside of the office. Antivirus software might be nonexistent or out of date, or a gadget with shared access could be susceptible to information theft.
On the same note, an employee may not notice or flag suspicious activity, such as log-in activity at unusual times, that would be apparent to an IT professional monitoring a company network or device.
One of the luxuries of telecommuting is the ability to work almost anywhere, as long as there’s internet access. The problem is that not all access points are protected — including home networks.
The cybersecurity measures most businesses employ are beyond what the average individual would consider or is capable of implementing at home. Consumer-grade modems and routers, combined with weak wifi passwords and unencrypted networks, can make remote workers easy prey.
Employees who connect to public wifi networks are even more at risk; cybercriminals can spoof the public network and gain direct access to any connected devices.
Unregulated Data Exchange
Within the office, work-related discussions are limited to two options: face-to-face, or through company software. Documents and data are exchanged across the company network, which, in turn, is monitored by cybersecurity staff with security protocols in place.
However, at home, the lines of communication can become blurred. Sensitive data can be sent to colleagues or supervisors through a text message or downloaded to a personal device that is not sufficiently equipped against hackers.
Lack of Privacy
Working from home offers a greater opportunity than ever before for company data to fall into the wrong hands. Discussions among remote staff that are appropriate within company walls can serve as goldmines for observant listeners in public spaces such as coffee shops.
Staying Safe While Working Remotely
Fortunately, many of the cybersecurity challenges remote workers face are not insurmountable as long as they are addressed swiftly. Common-sense measures can go a long way towards reducing the chances of a successful cyberattack, assuming that both companies and employees are made conscious of high-risk scenarios and prevention.
Practical security measures such as multi-factor authentication for high-level employees with access to sensitive data are equally vital. We also recommend implementing explicit policies regulating conduct to keep teleworkers on the right track.
Company Equipment Only or Securing Personal Devices
Ideally, enterprises should provide remote workers with company devices which can be monitored by IT staff. These devices should also be set up with essential defenses such as firewalls and antivirus software. Employees who have access to client information, financial reports, or other private data should not be working from multiple devices. They also should not be exchanging information with team members via mobile devices.
If employees are left to supply their own gadgets for work, then they need to be provided with the resources to adequately shield their devices and protocols for how to do so. For example, employees should use secure VPN connections to log in to their accounts, and install the company-provided security apps and software available to remain well-defended.
One element that plays a significant role in the strength or weakness of any cybersecurity strategy is the human factor. This refers to the knowledge and understanding people possess about staying safe online and preventing malicious attacks. The value of educating teleworkers on core cybersecurity practices should not be underestimated. Even simple techniques such as creating stronger passwords can reduce vulnerability.
All staff, especially those working from home, should undergo training or be given resources to learn to identify and defend against common hacking tactics such as phishing attacks or concealed malware. Employees should be motivated to look out for and report security breaches and attempted attacks.
Establish Clear Rules of Conduct
If BYOD is permitted, then organizations need to clarify where to draw the line to protect their company and their employees’ devices. Stipulations such as prohibiting the use of shared devices may seem obvious, but they need to be in writing. Physical security guidelines such as locking laptop screens before taking a break and working in a private space are also useful reminders to include.
The use of public wifi should be discouraged if not outright forbidden. In addition, business communication between colleagues and supervisors should be limited to appropriate applications and devices. Similarly, company documents can be stored on secure cloud storage for employees to access. This helps limit the amount stored on devices that could be compromised.
Vigilant Security Team
Endpoint security solutions are obligatory for all corporate devices. This ensures cybersecurity staff can stay on the alert for unauthorized activities or breaches. IT departments can establish preventative measures to boost security. This could look like monthly password changes for all employees, along with enforcing two-factor authentication as an added layer of verification.
Contingency plans must be developed for worst-case scenarios, like the loss of a company device or a successful hacking attempt, to avoid losing precious time in the event such an incident occurs.
Remote work is undoubtedly the way of the future. As the pandemic revealed, more professionals can transition to the telework lifestyle while still successfully maintaining productivity. However, employers and employees alike must take the initiative to understand and address the unique cybersecurity challenges teleworkers face. This will ensure that the company as a whole — as well as the individual workers — stays protected online.
Latest posts by Jack
- Cybersecurity and Remote Work: Challenges and Solutions - June 29, 2020