Remote working is here to stay. There can be no denying its popularity. By 2022, 59% of US workers who say their job could be carried out remotely were doing so, up from 23% before the COVID-19 outbreak. But with remote work come work from home IT security issues that businesses must address to face the challenges of the “new normal”.
Even though we use the term “working from home”, it is not always literally true. Some remote employees do work at their residences, but others take their laptops to coffee shops, libraries, cafes, co-working spaces, and many other destinations as they seek the ideal workplace without the hefty commute. This opens them up to an even greater risk of security issues, and IT departments must factor this information into their thinking as they seek to protect their companies.
This article explores the security risks of remote working and the ways to mitigate those risks.
What causes remote work cyber security risks?
There are a number of reasons why working from home can cause security risks. They include:
|Lack of training||Employees might not realize how risky their behavior is when working from home. If the company doesn’t implement training on cyber security, employees will not understand the potential impacts of their actions.|
|Distraction||Working from home can be distracting. There might be family members at home, household jobs to carry out, packages being delivered, and not to mention TVs, game consoles, and other personal items. If an employee is not entirely focused, they can easily fall prey to a phishing attack, a ransomware attack, or similar.|
|Complacency||When in a home environment, the stakes seem lower than when employees are immersed in the office culture all the time. This might mean taking a more lax approach to work for some people and, as part of that, becoming complacent with security measures.|
|Lack of oversight||With employees out of the office, there is less oversight of their activities. For companies that do not monitor remote IT use closely, any security breaches could happen, and it would be until the ill effects were felt in the main network that anyone knew.|
The 8 most common remote work security issues to plan for
Connecting through unsecured networks
If your remote workers connect to your system using public WiFi in libraries, coffee shops, and even shared home WiFi, they could be using unsecured networks and opening a gateway into their device and, therefore, your corporate network.
In June 2022, the Cybersecurity and Infrastructure Security Agency issued a warning that hackers affiliated with the Chinese government were targeting vulnerabilities in public and private networks in the US.
Without the correct security features installed, it is possible for hackers of all levels to gain access to devices and cause havoc in a way that threatens your business. One suggestion is to have remote employees install a VPN that disguises their IP address during remote access to your systems.
Using personal devices for work
When employees use their personal devices for remote work purposes, there is a range of security issues that they might face. Such a device doesn’t compartmentalize work and personal usage. This means that using apps and programs with lax security settings for fun could lead to a data breach or malware attack that affects the business tasks on that device.
Work devices maintained by the company often come with the ability to be purged remotely of sensitive information. With a personal device on a bring your own device (BYOD) policy, there is likely no such facility, meaning that it could be used for nefarious access and data breaches. This can lead to compliance issues relating to the handling of people’s personal data.
Using non-sanctioned online tools
IT sanctions certain software solutions for remote workers, but the latter often use their own selection of programs. This could be because employees are more comfortable with other online tools, they don’t feel that the sanctioned tools are sufficient for their purposes, or any number of other reasons.
Unfortunately, this practice, called shadow IT, can come with security risks because the security protocols are not as rigid as they need to be for the protection of the business. They might not require multi-factor authentication, which would increase their security, or they might not feature data protection protocols that are as stringent as is required for compliance.
Using unencrypted file sharing services
Companies will have their own secure and encrypted file sharing solutions, but when workers are at home or at other remote locations, they might choose to use suboptimal solutions due to familiarity.
If these services are unencrypted, it can lead to hackers intercepting files in transit from one location to another. This might happen if your employees use a commercial B2C file sharing app or if they are using a personal email to send documents.
Not only is there a risk of cyber criminals gaining access to sensitive information and ransoming it, but there could also be compliance concerns over the unsecure handling of people’s data.
Ignoring physical security practices in public places
There are not just cyber threats from remote working but physical ones, too. If your staff members carry out their work in public locations, there is the risk of people in the vicinity accessing their devices.
If your employees leave their devices unattended or are not careful to shield their keyboards when they enter passwords, your business equipment, both physical and digital, can fall into the wrong hands.
Employees must understand the potential dangers of working from public locations and take evasive action to prevent device theft or unauthorized access to company documents.
Phishing and email scams
If your employees carry out work using personal email or even if they just use their personal email on the same device on which they carry out work, it creates a vulnerability. The spam filters of personal email will be much less stringent than that of your corporate system, meaning that there is a higher chance of employees receiving phishing or other email scams.
They might, for example, fall for phishing emails that send them to a link infected with a virus or result or accidentally share sensitive information with fraudsters. This can mean that company data leaks into the hands of bad actors, risking the company’s sensitive documents and even its reputation.
Webcam hacking and Zoombombing
Video conferencing has increased in popularity exponentially over recent years as a result of enforced social distancing during the COVID-19 pandemic. Although most businesses would recommend solutions with robust security measures in place, many remote employees might communicate with team members using popular B2C apps.
Unfortunately, these options cannot offer the same level of security as specialized programs. There is, therefore, an increased risk of hackers gaining access to meetings undetected to gather sensitive information or disrupt your events.
To employees who are unaware of the potential consequences using these apps can seem like a harmless and convenient way of keeping communication lines open whilst working remotely, but the reality is far from harmless.
Lack of procedures and security policies
If your business does not have clear procedures and policies in place for remote working, this can lead to security risks such as using unsecured video conferencing tools.
You need to spell out the obligations you have for your employees with regard to their actions when working from home. A set procedure for which devices they can and can’t use, as well as the sanctioned software and your BYOD policy, could save your business paying the price of a security breach.
What are the security vulnerabilities associated with remote access technologies?
Security vulnerabilities associated with remote access tech include ineffective firewalls and spam filters, as well as the use of unsecured networks and shadow IT, causing issues that IT cannot oversee.
What is an “attack surface”?
The more your company, its employees, and their devices connect to the outside world, the more opportunities there are for bad actors to penetrate your security. Your exposure to this is known as your attack surface.
How important is cybersecurity training for remote work?
The decisions that your people make, on purpose or unwittingly, may lay the foundation for breaches that are made possible by remote working. Training is essential to inform employees of their obligations and the consequences of not meeting them.
Remote working is helpful in many ways to an organization. The ability to work from home can increase employee satisfaction, help you retain talent, and recruit high-caliber candidates. However, there are also work from home IT security issues that you must consider.
Training is important for keeping employees from engaging in risky behavior. So is the monitoring of your systems for unauthorized applications like cracked software and unapproved freemium programs that pose serious risks to your company. Vaultry keeps track of all devices on your corporate network and alerts you to potential dangers. You can then remove the threats immediately.
Get started today with Vaultry to protect your business.