Top Business Tech discusses the security threats of the new ‘work from anywhere’ business model.
In 2019, remote working was very limited, and companies preferred all employees to work from their office spaces. However, when the pandemic hit, most organizations had to go remote completely to ensure their employees are safe while keeping their companies afloat. Now, as the world moves out of lockdowns, 47% of companies have said that they would give their employees the choice of working remotely full-time, and 82% said they would offer employees at least one day a week to work from home.
The benefits of remote work
Remote working comes with quite a few advantages for companies and their employees.
- Giving employees the choice of where they work can provide them with a sense of freedom, increasing morale and hopefully decreasing their stress levels. When they don’t have to worry about getting to work through rush hour, employees are not feeling rushed throughout the whole day. Another advantage is that companies will save money in various ways.
- Companies can decrease their office space as they do not need as much space as they did pre-covid. Organizations can save on renting office space, the cost of chairs and desks, and smaller things such as coffee and snacks for breakrooms.
- With remote work comes a positive impact on the environment. Companies will decrease their carbon footprint as fewer employees will drive to the office.
- By implementing working remotely, companies will be more attractive to the younger talent, which is what they look for.
The disadvantages of remote work
Even though there are some good advantages, remote working comes with numerous dangers and disadvantages.
If you are thinking of allowing your employees to work remotely, you should review the state of your security systems and the knowledge your employees have on cyberattacks and the various risks they may encounter.
As everything is now done through the internet, remote work has seen an increase in cyberattacks. Any tasks done via the internet opens a company up to cyberattacks; when combined with the risk posed by home routers, working from home increases cybersecurity risks further.
Luke Irwin from IT Governance has said that “Your Cloud documents, emails and attachments, instant messaging systems for clients and third-party services are all vulnerable, and with so much information being shared digitally, your attack surface has grown much wider.”
Office systems tend to provide employees with a lot more protection using firewalls and IP addresses. However, personal devices and mobile phones for work apps have also created a greater potential of sensitive information entering the wrong hands.
The most common security risks associated with working from home
Let’s take a deeper look into some of the most common security risks employees may experience from working at home.
1. Unsecure Wi-Fi
When employees work remotely from a restaurant, at home or in another office space, they need to connect to a Wi-Fi network. These networks are often insecure and can pose a risk to the security of the individual’s data.
Most of these Wi-Fi connections don’t have antivirus programmes and firewalls built to protect users from potentially being targeted with malware and disastrous attacks. As a result, malicious actors in the surrounding areas can easily access their connections and collect confidential information when connected to Wi-Fi. IT departments need to be proactive with this by teaching employees how to make their home Wi-Fi systems secure and encouraging them not to use open Wi-Fi networks unless they are using a VPN connection.
Phishing scams are aimed at stealing personal information, including ID details, bank account details and others. Attackers carry out phishing scams in various formats; the most common, especially in companies, is email. Employees may receive an email to their work email or private emails, and if they click on the link sent to them, the hackers will gain access to place malware on that specific device.
Attackers also use SMS to conduct phishing scams. For example, the other day, I received an SMS saying that one of my packages had been delivered to the post office and an additional payment needed to be made. This type of SMS has become very popular with hackers due to increased online shopping during the Covid-19 pandemic.
New research has found that over 90 days, the number of scam texts pretending to be from a delivery firm represented more than half of all SMS phishing attempts, according to new data provided to UK Finance by cybersecurity company Proofpoint. Laura Suter, head of personal finance at AJ Bell, recently stated that in 2020 scammers stole £479mn from unsuspecting people through these scams, with the actual figure likely to be a lot higher as much of it goes unreported. Most people think they will spot a potential phishing email or SMS; however, they are becoming more and more deceptive. Companies need to train their staff to ensure they can either determine if an email or SMS is a potential scam or give them an IT contact that they can send these messages through to be checked.
As Fred Voccola, CEO of Kaseya, the IT software management company observes, “comprehensive and frequent cybersecurity training can no longer be considered a ‘nice to have’ for businesses—it’s now absolutely crucial for organizations that are facing an ever-evolving array of cybersecurity threats in the current work-from-home environment.”
3. Personal devices
Our last common security threat that we will look at today is the use of personal devices. Employees may be tempted to use their own devices when they work from home; however, their security may not be strong enough to defend against some cyberattacks. Some companies have even implemented a Bring Your Own Device policy, putting their data at risk. In addition, there is no guarantee that an employee will keep their software up to date, which could open security gaps. The possibility of cyberattacks is not the only worry companies should have with this. If an employee leaves the company, they could take your confidential information with them, and you won’t have an opportunity to retrieve this information.
Tools for prevention
From the risks mentioned above, you can see cyberattacks are almost entirely inevitable. Whether you work from work devices or personal devices, there is always a way for hackers to get in. Now there may be nowhere to hide, but there are a few things that companies and employees can do to try limit the risk of cyberattacks.
Let’s go through some of the essential tools that all your employees should have installed on their devices to prevent cyberattacks and data loss.
1. Multi-factor authentication
Employees need to implement multi-factor authentication, which will create a multilayer security process that creates a minimal chance of cybercriminals gaining access to private and confidential information. In addition, employees need to ensure that they use a password manager that allows them to use various strong passwords without worrying about forgetting them.
As already mentioned, employees should use a company-provided VPN when working from home or a Wi-Fi hotspot. This will stop any malicious actors from seeing any of the data and information on the device.
Companies need to implement strong firewall software onto everyone’s laptops, even personal laptops. As a result, the company will be more protected from cyberattacks, and their data will be safer.
3. Endpoint detection
On top of the firewall software, companies should deploy endpoint detection and response solutions. By doing so, they will be able to prevent malware remotely, respond quickly to threats and automatically manage software deployment.
Organizations and employees may not be safe anywhere, but there is always something that it, and they, can do to improve their security. The main thing to do is train your employees and ensure that they have all the software and equipment that can keep your data their personal information safe.