Sunday, September 24, 2023

Cybersecurity working from home: Are you at risk?

63% of businesses suffered a data breach because of remote working.

46% of remote workers accidentally leak sensitive company data.

And ransomware attacks have surged by 20% since remote work has become common.

Yet all we talk about is flexibility, greater productivity and work-life balance.

The benefits of remote working are commonly discussed and are highlighted as a positive trend that’ll benefit businesses and employees. But what’s overlooked is the sensitive data that remote workers can easily lose due to poor training or lack of company security.

Follow this guide to see if your hybrid or remote work model has security gaps that can be easily exploited.

Personal Devices

Security risks present themselves in many forms, and personal devices are one of them.

Protected information should be safe if your business follows essential cybersecurity protocols such as custom firewalls, Virtual Private Networks (VPNs), and protection software. But how many companies implement the same structure for remote workers?

Research suggests up to 92% of remote workers use personal devices for completing tasks, and 31% are less likely to follow security standards when working from home. Accessing sensitive information from personal computers raises a myriad of cybersecurity risks such as:

  • Employees saving sensitive data on their personal devices

  • Lack of traceability in case of a data breach

  • Data leaks because of negligent behavior

  • Connecting personal devices to unsecured networks

  • Lack of antivirus software, leaving you susceptible to malware

Personal devices are a liability unless connected to a secure VPN or a company-provided router. We’re told to trust our employees regardless of their location, and the remote workforce is definitely a test of trust.

But businesses should remember that the current recommended protocol for cybersecurity is a zero-trust policy.

What is a Zero-Trust policy? It is a high-level strategy that enforces a strict approach in which employees, devices or servers inside the company’s network are not automatically trusted to access resources.

The Zero-Trust policy is a protocol that sets a fair standard for workers onsite and remote without making anyone feel less trustworthy than the other.

It also depends on the technology available. Smaller businesses often have fewer resources and therefore fewer active cybersecurity protocols, such as two-factor authentication. According to the Cybersecurity and Infrastructure Security Agency, using unsupported software in your company, lacking two-factor authentication and using default passwords are three of the worst cybersecurity practices.

  • Only use work laptops
  • Incorporate a zero-trust policy
  • Create a protocol for phone usage

Network

We touched on the importance of a VPN, but let’s look at the risks of remote employees using different networks.

The current nature of hybrid work allows remote employees to work from anywhere. Businesses have adopted this to promote flexibility and improve work-life balance but have overlooked a critical factor that can lead to data breaches.

If remote employees work from a shopping mall or cafe, they are connected to a shared bandwidth network. This type of network has no built-in encryption or unique password per user, so everyone can access it. Shared bandwidth networks are the easiest to hack, and user activity can be spied on without anyone knowing.

Businesses that hold crucial consumer data in the banking or health industries have many remote employees who can work from anywhere. How would you feel knowing that anyone can see your personal details? Even home networks are often vulnerable to attacks because of weak passwords, outdated routers and a lack of important security defenses.

Business cybersecurity teams do not monitor their employees’ home networks, and generally, organizations are unable to extend monitoring to all endpoints.

Security teams must ensure their remote employees mitigate this risk through a VPN or a company-provided router.

Corporate networks implement strict security settings, including network encryption, internet security software, custom firewalls, etc. Simply put, a personal or shared network can’t offer this.

A Virtual Private Network creates a secure connection between a device and a network.

  • Don’t allow shared bandwidth usage
  • Use VPNs
  • Create strong passwords

Privacy

Unfortunately, the risks of remote working don’t end there.

Think of it as one step forward, two steps back.

Customer privacy has become a growing concern as consumers become more informed about how website cookies work. Businesses are slowly transitioning away from third-party data and relying on first-party data.

Yet remote working is exposing consumers’ personal data and company information, undermining essential privacy.

When working from home, the typical person has family members or roommates within the working area who can freely view sensitive information. The situation worsens when employees work outdoors, where strangers are free to look at their screens or overhear confidential conversations.

Besides being unprofessional, this can quickly become a serious cybersecurity threat.

  • Only do remote work from home
  • Lock your PC when stepping away
  • Have a private space for meetings and phone calls

Cloud misconfigurations

Some data should only be accessed in an office environment.

But storing information on cloud technology changes the dynamic of data sharing and access. It’s common for organizations to grant too much user access and remote workers can easily share data with unauthorized individuals.

For example, a remote worker might be granted access to a cloud-based file server that contains sensitive customer data. If the remote worker is not careful, they could accidentally share this data with someone they shouldn’t.

To prevent cloud misconfigurations, organizations should implement strict access controls and regularly audit their cloud deployments – especially under remote conditions.

  • Limit cloud access to only necessary users
  • Enable cloud notifications to report user activity

Social engineering attacks

Social engineering attacks are a type of cyberattack that relies on human interaction to trick victims into revealing sensitive information or taking actions that compromise their security.

Remote workers are more vulnerable to social engineering attacks because they are often isolated from their colleagues and may not be as familiar with the company’s security policies.

For example, a remote worker might receive an email from someone claiming to be from the IT department and asking for their password. If the remote worker falls for this scam, the attacker could gain access to the worker’s corporate account and steal sensitive data.

Such scenarios are more common than you might think. They are even more likely when new employees join a business and are still learning.

  • Train all staff on security protocols
  • Utilize custom firewalls to cater for unique business needs

Changing approaches

Hybrid and remote models can still work.

The benefits of flexibility can still be enjoyed, as long as precaution is part of the equation. Companies must consider cybersecurity threats as part of their transition to flexible work solutions, and train their teams to address potential security concerns.

When you access sensitive corporate information, it’s important to consider privacy and to limit personal device usage. Ultimately, remote and hybrid work has brought many benefits, but employees and businesses must address cybersecurity risks rather than implementing it carelessly.

Amy Menzies
