The cybersecurity risks of remote working

Person working remotely from their home

The rise in remote working since the COVID-19 pandemic has given way to a subsequent increase in cybersecurity attacks.

Data collected by the Office of National Statistics for the period September 2022 to January 2023 reveals that 44% of UK workers reported home or hybrid working. And, with more of us working remotely, the challenges around cybersecurity have become even greater.

Remote working raises the risk of a cyber-attack or data breach for several reasons including greater use of public cloud, internet of things (IoT), and highly connected supply chains. The use of unsanctioned technology by remote workers that lack security protection, and the correct authentication process, has also opened the door to cyber criminals. Organisations need to strengthen their cybersecurity resilience to combat these threats.

What are the most common cybersecurity risks for remote workers?

There are numerous advantages to remote working such as greater flexibility, less commuting time, more autonomy, and a reduced need for office space. But cybercriminals are now attacking remote workers as they may use unsecured home network connections with a lower level of cyber protection than office-based workers.

Remote workers could pose greater cybersecurity risks because of:

1. More possibilities for a cyberattack

A greater remote workforce means companies must secure more endpoints, networks, and software required by remote workers. With remote workers able to operate from anywhere within company guidelines, this means more areas need to be covered and risk assessed. Inevitably, this puts added pressure on IT security departments and increases their workload to protect their system from cyberattacks.

2. Less security monitoring

In all probability, cybersecurity staff will not be monitoring every endpoint and watching over everything remote workers do on their home network. Remote work changes system access points and moves network data and traffic outside a company’s technology environment and its high levels of security monitoring. This presents new challenges around remote working cybersecurity. A way of meeting these challenges is to use a fully-managed cybersecurity monitoring service that can detect a breach the moment it happens and prevent damage from being done.

3. Weak data protection procedures

No matter how well-trained your staff are in data protection, they still pose a threat to cybersecurity. A remote worker may decide to download sensitive company information to their personal smartphone which may not be encrypted. Alternatively, they could share important data unencrypted without realising they are compromising company security. Even walking away from a laptop screen that’s left unlocked poses a risk. Cybercriminals continue to be successful at exploiting human errors around cybersecurity and often for financial gain.

4. Phishing attack problems

Phishing remains a prolific cybersecurity threat, and whilst remote workers are no more of a target, being outside of the corporate environment can change perspectives and awareness. This group may be less suspicious of a sophisticated phishing attack disguised as an official business proposal than other workers. They may also find it more difficult to verify an email in person than an office-based worker would. Just one false click on a phishing email and your entire data could be compromised.

5. Vulnerable hardware

In a post-COVID world, most remote workers are using work-issued computers (not necessarily so during the pandemic). Most home workers however have a network of personal devices, and these are easy targets for cybercriminals when they aren’t properly protected. When companies want to raise their level of protection they use a proactive cybersecurity monitoring service like ramsac’s secure+ that hunts for malicious activity on your IT estate.

6. Vulnerable networks

Unsecured networks like public Wi-Fi pose a very real risk to cybersecurity. Yet remote employees may be unaware of the dangers and connect to these networks so they can do their work. They may also use unsecured home networks to send important company data when their router or VPN hasn’t been updated. This is another weakness cybercriminals view as an opportunity to attack a network system.

7. Cloud technology access

Cloud technology is essential for remote working but there are risks involved in areas like misconfiguration and access. A company could inadvertently grant workers too much access to a cloud network or fail to introduce necessary access controls. Such lapses are likely to leave a network susceptible to a cyber-attack where criminals could access and exploit sensitive data.

How do you enhance remote working cybersecurity?

Companies that implement robust security measures can drastically reduce their chances of suffering a costly cyberattack. Over £150 million was lost to cyberattacks in 2022 alone and cybercriminals show no sign of slowing down their illegal activities.

However, there are important steps companies can take to optimise cybersecurity around their remote workers:

Do the cybersecurity basics with passwords and encryption

Ideally, a remote worker should use a virtual private network to access a company network. Also, all devices with access to the network should have antivirus software and a strong password process with unique passwords for different functions. Using encryption software on multiple devices to protect data when file sharing and performing other tasks adds another level of cyber protection.

Adopt a zero-trust policy

The rising volume of remote workers brings extra scalability demands, even on the most robust VPNs. Companies that adopt a zero-trust policy take a multi-layered approach that is scalable, secure and restricts access to the IT environment. A zero-trust policy helps to develop a company’s human firewall where users are continuously monitored, assessed and authorised using the latest authentication protocol and devices are always verified. Cybersecurity solutions and employee awareness courses are available that will strengthen a company’s human firewall.

Employ the latest threat protection

Cybercriminals use increasingly sophisticated methods to access private and company data. Remote workers are especially vulnerable so companies should constantly review their threat detection and incident response policies, so they match the current threat. Adopting a risk-based approach will also highlight weaknesses in your cybersecurity system that hackers may exploit and require urgent attention. Taking a proactive approach to cybersecurity monitoring will protect against cyberattacks.

Heighten cloud security

As mentioned, cloud misconfigurations can cause kinks in network security that could lead to a data breach and compromise a system. Companies should look for any potential gaps or glitches in their cybersecurity policy that could leave them wide open to a cyberattack.

Use behaviour analytics

Some companies may use data science to understand a remote user’s typical work pattern and when they access company network systems. This approach will flag any suspicious activity suggesting a user’s profile has been hacked or their credentials have been compromised so that immediate action can be taken. Microsoft Viva is a software tool often used by managers to monitor the working patterns and performance of remote workers. 

Remote working vs home working cybersecurity risks

Remote working clearly has its advantages, none more so than in achieving the right work-life balance. But security-wise, remote workers use company data in their home comforts where they may drop their guard, make mistakes, and potentially allow hackers access to the company network causing a data breach to occur. Where hardware is not under the control of IT departments and is not equipped with the proper endpoint protection, there is an increasing risk from malware, particularly when software might be out of date.

One possible disadvantage of remote working is the lack of peer-to-peer learning and development that usually takes place in an office environment. The transition to remote working demonstrated the regular controls that were successful in the office did not work so well for home working. Suddenly, security that was on a company’s network layer had to be implemented at the endpoint instead, increasing the risk of a cyberattack.

Having said that, remote working offers numerous benefits for businesses and employees, and using the best cybersecurity monitoring services will support your remote workers and protect them against the threat and damage of a cyberattack.

Whether remote or office working, ramsac will deliver your cybersecurity solutions

We will train your remote workers in the very latest cybersecurity practices to protect your business today and in the future. Get in touch today.

Related Posts

  • How to set up a secure password policy in Microsoft 365

    How to set up a secure password policy in Microsoft 365

    Cybersecurity

    Discover the essentials of a robust password policy for cybersecurity in Microsoft 365. Learn what to include and what to avoid. Read the blog today. [...]

    Read article

  • A guide to sensitivity labels and how to apply them

    A guide to sensitivity labels and how to apply them

    Cybersecurity

    Sensitivity labels allow you to manage, organise, and protect sensitive emails, files, and documents as part of the Microsoft 365 suite. Read on. [...]

    Read article

  • MFA vs 2FA: What’s the Difference?

    MFA vs 2FA: What’s the Difference?

    Cybersecurity

    Features like user facial recognition that are difficult to replicate means multi-factor authentication offers more cybersecurity layers than two-factor authentication. Find out more. [...]

    Read article

  • Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year

    Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year

    Cybersecurity

    secure+ has detected and responded to over 8000 security alerts in its first year [...]

    Read article

  • MFA Fatigue: Multi-Factor Authentication (MFA) is best practice, but it’s not risk free.

    MFA Fatigue: Multi-Factor Authentication (MFA) is best practice, but it’s not risk free.

    Cybersecurity

    MFA Fatigue is a problem organisations need to be aware of, in this blog we break down why and what organisations can do to combat it. [...]

    Read article

  • Data Protection Day – Protecting your information on social media.

    Data Protection Day – Protecting your information on social media.

    Cybersecurity

    The 28th of January is Data Protection day, to mark this day we have created a blog with tips on how people can keep their personal data safe on [...]

    Read article