The cybersecurity risks of remote working

Person working remotely from their home

The rise in remote working since the COVID-19 pandemic has given way to a subsequent increase in cybersecurity attacks.

Data collected by the Office of National Statistics for the period September 2022 to January 2023 reveals that 44% of UK workers reported home or hybrid working. And, with more of us working remotely, the challenges around cybersecurity have become even greater.

Remote working raises the risk of a cyber-attack or data breach for several reasons including greater use of public cloud, internet of things (IoT), and highly connected supply chains. The use of unsanctioned technology by remote workers that lack security protection, and the correct authentication process, has also opened the door to cyber criminals. Organisations need to strengthen their cybersecurity resilience to combat these threats.

What are the most common cybersecurity risks for remote workers?

There are numerous advantages to remote working such as greater flexibility, less commuting time, more autonomy, and a reduced need for office space. But cybercriminals are now attacking remote workers as they may use unsecured home network connections with a lower level of cyber protection than office-based workers.

Remote workers could pose greater cybersecurity risks because of:

1. More possibilities for a cyberattack

A greater remote workforce means companies must secure more endpoints, networks, and software required by remote workers. With remote workers able to operate from anywhere within company guidelines, this means more areas need to be covered and risk assessed. Inevitably, this puts added pressure on IT security departments and increases their workload to protect their system from cyberattacks.

2. Less security monitoring

In all probability, cybersecurity staff will not be monitoring every endpoint and watching over everything remote workers do on their home network. Remote work changes system access points and moves network data and traffic outside a company’s technology environment and its high levels of security monitoring. This presents new challenges around remote working cybersecurity. A way of meeting these challenges is to use a fully-managed cybersecurity monitoring service that can detect a breach the moment it happens and prevent damage from being done.

3. Weak data protection procedures

No matter how well-trained your staff are in data protection, they still pose a threat to cybersecurity. A remote worker may decide to download sensitive company information to their personal smartphone which may not be encrypted. Alternatively, they could share important data unencrypted without realising they are compromising company security. Even walking away from a laptop screen that’s left unlocked poses a risk. Cybercriminals continue to be successful at exploiting human errors around cybersecurity and often for financial gain.

4. Phishing attack problems

Phishing remains a prolific cybersecurity threat, and whilst remote workers are no more of a target, being outside of the corporate environment can change perspectives and awareness. This group may be less suspicious of a sophisticated phishing attack disguised as an official business proposal than other workers. They may also find it more difficult to verify an email in person than an office-based worker would. Just one false click on a phishing email and your entire data could be compromised.

5. Vulnerable hardware

In a post-COVID world, most remote workers are using work-issued computers (not necessarily so during the pandemic). Most home workers however have a network of personal devices, and these are easy targets for cybercriminals when they aren’t properly protected. When companies want to raise their level of protection they use a proactive cybersecurity monitoring service like ramsac’s secure+ that hunts for malicious activity on your IT estate.

6. Vulnerable networks

Unsecured networks like public Wi-Fi pose a very real risk to cybersecurity. Yet remote employees may be unaware of the dangers and connect to these networks so they can do their work. They may also use unsecured home networks to send important company data when their router or VPN hasn’t been updated. This is another weakness cybercriminals view as an opportunity to attack a network system.

7. Cloud technology access

Cloud technology is essential for remote working but there are risks involved in areas like misconfiguration and access. A company could inadvertently grant workers too much access to a cloud network or fail to introduce necessary access controls. Such lapses are likely to leave a network susceptible to a cyber-attack where criminals could access and exploit sensitive data.

How do you enhance remote working cybersecurity?

Companies that implement robust security measures can drastically reduce their chances of suffering a costly cyberattack. Over £150 million was lost to cyberattacks in 2022 alone and cybercriminals show no sign of slowing down their illegal activities.

However, there are important steps companies can take to optimise cybersecurity around their remote workers:

Do the cybersecurity basics with passwords and encryption

Ideally, a remote worker should use a virtual private network to access a company network. Also, all devices with access to the network should have antivirus software and a strong password process with unique passwords for different functions. Using encryption software on multiple devices to protect data when file sharing and performing other tasks adds another level of cyber protection.

Adopt a zero-trust policy

The rising volume of remote workers brings extra scalability demands, even on the most robust VPNs. Companies that adopt a zero-trust policy take a multi-layered approach that is scalable, secure and restricts access to the IT environment. A zero-trust policy helps to develop a company’s human firewall where users are continuously monitored, assessed and authorised using the latest authentication protocol and devices are always verified. Cybersecurity solutions and employee awareness courses are available that will strengthen a company’s human firewall.

Employ the latest threat protection

Cybercriminals use increasingly sophisticated methods to access private and company data. Remote workers are especially vulnerable so companies should constantly review their threat detection and incident response policies, so they match the current threat. Adopting a risk-based approach will also highlight weaknesses in your cybersecurity system that hackers may exploit and require urgent attention. Taking a proactive approach to cybersecurity monitoring will protect against cyberattacks.

Heighten cloud security

As mentioned, cloud misconfigurations can cause kinks in network security that could lead to a data breach and compromise a system. Companies should look for any potential gaps or glitches in their cybersecurity policy that could leave them wide open to a cyberattack.

Use behaviour analytics

Some companies may use data science to understand a remote user’s typical work pattern and when they access company network systems. This approach will flag any suspicious activity suggesting a user’s profile has been hacked or their credentials have been compromised so that immediate action can be taken. Microsoft Viva is a software tool often used by managers to monitor the working patterns and performance of remote workers. 

Remote working vs home working cybersecurity risks

Remote working clearly has its advantages, none more so than in achieving the right work-life balance. But security-wise, remote workers use company data in their home comforts where they may drop their guard, make mistakes, and potentially allow hackers access to the company network causing a data breach to occur. Where hardware is not under the control of IT departments and is not equipped with the proper endpoint protection, there is an increasing risk from malware, particularly when software might be out of date.

One possible disadvantage of remote working is the lack of peer-to-peer learning and development that usually takes place in an office environment. The transition to remote working demonstrated the regular controls that were successful in the office did not work so well for home working. Suddenly, security that was on a company’s network layer had to be implemented at the endpoint instead, increasing the risk of a cyberattack.

Having said that, remote working offers numerous benefits for businesses and employees, and using the best cybersecurity monitoring services will support your remote workers and protect them against the threat and damage of a cyberattack.

Whether remote or office working, ramsac will deliver your cybersecurity solutions

We will train your remote workers in the very latest cybersecurity practices to protect your business today and in the future. Get in touch today.

Related Posts

  • Celebrating 20 Years of Cybersecurity Awareness Month

    Celebrating 20 Years of Cybersecurity Awareness Month


    October is Cybersecurity awareness month, follow us on LinkedIn or Twitter for daily tips on how you can protect your organisation against Cybercrime. [...]

    Read article

  • How much should businesses invest in cyber resilience? 

    How much should businesses invest in cyber resilience? 


    In this blog we explore how much organisations should invest in cyber resilience to protect against cybercrime [...]

    Read article

  • What is cyber resilience? A complete guide

    What is cyber resilience? A complete guide


    Firewalls and anti-virus software are just the first steps in protecting your organisation from cyber threats (this is cybersecurity). However, you need more than that and this is where [...]

    Read article

  • What is Mobile Application Management: streamlining app deployment and security

    What is Mobile Application Management: streamlining app deployment and security


    Mobile Application Management helps organisations to manage, secure, and distribute mobile applications within their environment. In this blog we explain what MAM is and the benefits of implementing it. [...]

    Read article

  • The importance of effective Supplier Data Security

    The importance of effective Supplier Data Security


    In this blog post, we will explore essential considerations and questions to ask your suppliers about the protocols they have in place that keep you, and any shared data, [...]

    Read article

  • What is Mobile Device Management?

    What is Mobile Device Management?


    Mobile Device Management is a type of software used by organisations to monitor, manage and secure employees’ mobile devices. In this blog we explain how to build a strong [...]

    Read article