The cybersecurity risks of remote working
Posted on July 31, 2023 by Louise Howland
The rise in remote working since the COVID-19 pandemic has given way to a subsequent increase in cybersecurity attacks.
Data collected by the Office of National Statistics for the period September 2022 to January 2023 reveals that 44% of UK workers reported home or hybrid working. And, with more of us working remotely, the challenges around cybersecurity have become even greater.
Remote working raises the risk of a cyber-attack or data breach for several reasons including greater use of public cloud, internet of things (IoT), and highly connected supply chains. The use of unsanctioned technology by remote workers that lack security protection, and the correct authentication process, has also opened the door to cyber criminals. Organisations need to strengthen their cybersecurity resilience to combat these threats.
What are the most common cybersecurity risks for remote workers?
There are numerous advantages to remote working such as greater flexibility, less commuting time, more autonomy, and a reduced need for office space. But cybercriminals are now attacking remote workers as they may use unsecured home network connections with a lower level of cyber protection than office-based workers.
Remote workers could pose greater cybersecurity risks because of:
1. More possibilities for a cyberattack
A greater remote workforce means companies must secure more endpoints, networks, and software required by remote workers. With remote workers able to operate from anywhere within company guidelines, this means more areas need to be covered and risk assessed. Inevitably, this puts added pressure on IT security departments and increases their workload to protect their system from cyberattacks.
2. Less security monitoring
In all probability, cybersecurity staff will not be monitoring every endpoint and watching over everything remote workers do on their home network. Remote work changes system access points and moves network data and traffic outside a company’s technology environment and its high levels of security monitoring. This presents new challenges around remote working cybersecurity. A way of meeting these challenges is to use a fully-managed cybersecurity monitoring service that can detect a breach the moment it happens and prevent damage from being done.
3. Weak data protection procedures
No matter how well-trained your staff are in data protection, they still pose a threat to cybersecurity. A remote worker may decide to download sensitive company information to their personal smartphone which may not be encrypted. Alternatively, they could share important data unencrypted without realising they are compromising company security. Even walking away from a laptop screen that’s left unlocked poses a risk. Cybercriminals continue to be successful at exploiting human errors around cybersecurity and often for financial gain.
4. Phishing attack problems
Phishing remains a prolific cybersecurity threat, and whilst remote workers are no more of a target, being outside of the corporate environment can change perspectives and awareness. This group may be less suspicious of a sophisticated phishing attack disguised as an official business proposal than other workers. They may also find it more difficult to verify an email in person than an office-based worker would. Just one false click on a phishing email and your entire data could be compromised.
5. Vulnerable hardware
In a post-COVID world, most remote workers are using work-issued computers (not necessarily so during the pandemic). Most home workers however have a network of personal devices, and these are easy targets for cybercriminals when they aren’t properly protected. When companies want to raise their level of protection they use a proactive cybersecurity monitoring service like ramsac’s secure+ that hunts for malicious activity on your IT estate.
6. Vulnerable networks
Unsecured networks like public Wi-Fi pose a very real risk to cybersecurity. Yet remote employees may be unaware of the dangers and connect to these networks so they can do their work. They may also use unsecured home networks to send important company data when their router or VPN hasn’t been updated. This is another weakness cybercriminals view as an opportunity to attack a network system.
7. Cloud technology access
Cloud technology is essential for remote working but there are risks involved in areas like misconfiguration and access. A company could inadvertently grant workers too much access to a cloud network or fail to introduce necessary access controls. Such lapses are likely to leave a network susceptible to a cyber-attack where criminals could access and exploit sensitive data.
How do you enhance remote working cybersecurity?
Companies that implement robust security measures can drastically reduce their chances of suffering a costly cyberattack. Over £150 million was lost to cyberattacks in 2022 alone and cybercriminals show no sign of slowing down their illegal activities.
However, there are important steps companies can take to optimise cybersecurity around their remote workers:
Do the cybersecurity basics with passwords and encryption
Ideally, a remote worker should use a virtual private network to access a company network. Also, all devices with access to the network should have antivirus software and a strong password process with unique passwords for different functions. Using encryption software on multiple devices to protect data when file sharing and performing other tasks adds another level of cyber protection.
Adopt a zero-trust policy
The rising volume of remote workers brings extra scalability demands, even on the most robust VPNs. Companies that adopt a zero-trust policy take a multi-layered approach that is scalable, secure and restricts access to the IT environment. A zero-trust policy helps to develop a company’s human firewall where users are continuously monitored, assessed and authorised using the latest authentication protocol and devices are always verified. Cybersecurity solutions and employee awareness courses are available that will strengthen a company’s human firewall.
Employ the latest threat protection
Cybercriminals use increasingly sophisticated methods to access private and company data. Remote workers are especially vulnerable so companies should constantly review their threat detection and incident response policies, so they match the current threat. Adopting a risk-based approach will also highlight weaknesses in your cybersecurity system that hackers may exploit and require urgent attention. Taking a proactive approach to cybersecurity monitoring will protect against cyberattacks.
Heighten cloud security
As mentioned, cloud misconfigurations can cause kinks in network security that could lead to a data breach and compromise a system. Companies should look for any potential gaps or glitches in their cybersecurity policy that could leave them wide open to a cyberattack.
Use behaviour analytics
Some companies may use data science to understand a remote user’s typical work pattern and when they access company network systems. This approach will flag any suspicious activity suggesting a user’s profile has been hacked or their credentials have been compromised so that immediate action can be taken. Microsoft Viva is a software tool often used by managers to monitor the working patterns and performance of remote workers.
Remote working vs home working cybersecurity risks
Remote working clearly has its advantages, none more so than in achieving the right work-life balance. But security-wise, remote workers use company data in their home comforts where they may drop their guard, make mistakes, and potentially allow hackers access to the company network causing a data breach to occur. Where hardware is not under the control of IT departments and is not equipped with the proper endpoint protection, there is an increasing risk from malware, particularly when software might be out of date.
One possible disadvantage of remote working is the lack of peer-to-peer learning and development that usually takes place in an office environment. The transition to remote working demonstrated the regular controls that were successful in the office did not work so well for home working. Suddenly, security that was on a company’s network layer had to be implemented at the endpoint instead, increasing the risk of a cyberattack.
Having said that, remote working offers numerous benefits for businesses and employees, and using the best cybersecurity monitoring services will support your remote workers and protect them against the threat and damage of a cyberattack.
Whether remote or office working, ramsac will deliver your cybersecurity solutions
We will train your remote workers in the very latest cybersecurity practices to protect your business today and in the future. Get in touch today.