As more people work online, and more services are being digitized, there’s an increasing cybersecurity risk for companies. And with increasing numbers of people working from home or working remotely, there are also many more remote work security risks.
Deloitte has found that during the pandemic, when many companies were compelled into a rapid digital transformation, that cybersecurity has become a major concern. For example, Switzerland recorded over double the number of cyberattacks in April 2020 compared with normal. It also found that between February and May 2020, over half a million people around the world were affected by security breaches where personal data of video meeting users was stolen and sold on the dark web.
Furthermore, phishing attacks have been getting far more sophisticated and the cyber threat landscape is getting increasingly complex and diverse. This calls for a more proactive company approach towards security issues to prevent hacks and attacks – rather than waiting for them to happen. And it is also imperative that companies also look at ways to detect and respond to hacks and attacks so that they can resume operations.
There are many factors that contribute to remote work cyber security risks, and many actions that employers can take to help guard against these risks. Below we explore six of the top remote work security risks around the globe and how companies can address these and keep their operations safe.
Top 6 remote work security risks
Below we look at 6 of the top remote work security risks that employees may inadvertently fall victim to. These security risks have the potential to put companies at grave financial and reputational risk.
This can happen as a result of data leaks, the interception of sensitive information, cyber fraud, access to banking details, or the loss of private client data. Hackers can also hold companies to ransom if they are able to access a network or highly confidential information.
In 2017 for example, 147million records belonging to Equifax were hacked – representing about 56% of Americans. This meant that hackers were able to access people’s credit card details, dates of birth and social security numbers.
The size, extent and prevalence of cyber security risks should therefore not be underestimated.
1. Accessing company data using unsecured internet networks
Many employees who work remotely access their company files using public Internet, or unsecured home wireless networks. That allows cybercriminals to access confidential and sensitive information and intercept or steal data.
That’s one reason why some companies ensure that all staff who work remotely, access the internet using a Virtual Private Network (VPN).
2. Using personal computers for work and personal business
Many remote employees, particularly if they use their own computers for work, also use those devices for personal business. In fact many companies require remote staff to use their own devices.
The risk this poses is that employees can then save confidential information on their computers, storing it there without any protection. If that employee either leaves the company or doesn’t have any up-to-date security software installed on the device, this could lead to a security breach.
That’s why it’s a good idea to have a detailed remote work policy that addresses cybersecurity operating procedures and rules.
3. The risk of physical theft
Remote employees, whether working at home or in coworking or shared office space environments, can fall victim to theft of personal devices like laptops and cell phones. If those devices are not carefully encrypted and secured, then any data can be accessed by cybercriminals.
Some companies provide remote staff with stipends to help cover costs of setting up a home office, which includes security measures.
4. Weak security passwords
Some staff members select weak or predictable passwords for their accounts and apps, which can put the security of the entire company at risk – even if other security measures like VPNs are being used.
One example is people who use the same password for all their accounts – once this happens and if a cybercriminal hacks one account, they can then gain access to a large number of other linked accounts.
5. Sharing files that aren’t encrypted
Many companies ensure that all their files on a network or server are encrypted, but when those files get transferred from one person to another – if they aren’t encrypted then, they could also fall into the hands of cybercriminals.
This could lead to cybercriminals accessing private client data and using that for nefarious purposes like ransom, identify fraud or extortion.
6. Phishing and email scams
Many employees around the world fall victim to increasingly sophisticated email or phishing scams. These typically involve people who send emails that appear legitimate and credible, but by clicking on links or responding, you can be fooled into providing sensitive data, bank details or even paying over large sums of money into the incorrect bank account. Or your company files may be infected with malicious malware, destroying all your data and wreaking havoc with your business operations.
There is software that can help identify and remove these phishing emails, but some still escape these filters. And if employees don’t have the latest malware filters updated, then they can fall victim to this type of attack.
Due to the prevalence and risks posed by these sorts of scams, many companies opt to provide staff with training on how to avoid these sorts of attacks.
How to keep your company safe from security risks
Given the multitude of remote work security risks, it’s wise for companies to be proactive in protecting their data and information. There are many actions that companies can take to better protect themselves and their staff from cyber risks and cyber-attacks.
These cyber security solutions include:
Providing staff with remote work security training
By providing your remote staff with cyber security training, you can give them the tools and skills needed to operate safely and identify potential security threats. There are also many types of IT support that companies can provide to their staff to help avoid any potential security risks.
For example, companies can ensure that all staff have multi-factor authentication installed for additional security. They can request that staff use password managers so that they can set up strong and varied passwords without forgetting them.
Companies can also help employees to set up VPNs, so that when they connect to and access company data, that the network connection is secure. Furthermore, companies can help staff to set up firewalls on their computers and devices to strengthen security measures. And of course, all employees should have access to the latest security software and upgrades to protect against malware and hacks.
Company-wide security training can help staff to think of all the possible security threats and to know how to address them. For example, staff can be taught what a secure and strong password would look like; why it’s important to have a webcam cover, what types of links to avoid clicking on to avoid phishing scams, how to keep security software up-to-date, how to keep your operating system updated, why to ensure a clear background during online meetings and what to watch out for when sharing your screen; and how to enable two-factor authentication.
There are also a range of other types of support that companies can offer staff to help ensure optimal performance. For example, providing remote employees with healthcare insurance, no matter where in the world they are located. This is something that the company SafetyWing offers, which is available to remote teams and even freelancers and digital nomads.
Securing company infrastructure and software
There’s a lot that company managers can do to ensure that they secure all important technology and software that may pose security risks. This is particularly relevant where many employees are working remotely, opening up companies to increased remote work cyber security risks.
Of course, the first obvious step is to create a remote work policy that has a specific provision focused on cyber security. And then naturally, companies should see the value in developing cyber security training for all staff – whether or not they work remotely or not. Particular attention should be given to phishing scams as these are increasingly prevalent and dangerous.
Companies can help ensure that all staff members use VPNs, that they use encrypted video messaging software, that they store data centrally and perform regular backups, and that they have up-to-date antivirus software and operating systems installed. It’s also important for companies to ensure that all staff set safe passwords, use password management tools, and use encryption software when sending data.
Establishing a remote work security policy
Many companies were caught unaware in terms of security risks when the COVID-19 pandemic began, and when staff members were forced to start working remotely. Many companies didn’t have remote working policies, and over time realized the importance of creating them.
It’s now becoming more commonplace for companies to have a dedicated remote work policy and this should ideally also include a cyber security policy to help protect digital data and information.
When establishing the remote work policy, these are some things to consider as part of the section on cyber security:
- Clearly define which types of job roles can work remotely. There may be certain roles that, for security purposes, need to be fulfilled in-office.
- Create a specified list of cyber security tools, software and apps that employees should be using and which ones they may not use. This includes which video conferencing apps and software they can use, and where to store company data.
- Make it very clear what the process is for when an employee thinks their account may have been compromised or hacked.
- The policy may even require all staff working remotely to ensure that sensitive company information (whether stored on devices or other formats), must be stored in lockable cabinets or desks that are burglar-resistant. This may help ensure that when devices aren’t being used, that they are not susceptible to theft.
- Companies can also detail what should happen to the information that needs to be disposed of – for example by requiring paper shredding for printed documents.
- The company remote work policy should also make it clear what the implications are for a breach, violation or non-compliance with any of the terms.
Final thoughts on remote working security tips
Remote working may be seen as convenient and beneficial for both the employer and employee, but there are also many remote work security risks of working off-site. This is particularly true when it comes to cyber security. When employees work remotely, they may unintentionally put your entire company’s security at risk. This can be done by using unsecured internet connections, being negligent with the storage of company devices and data, or falling victim to phishing scams.
Many employees don’t have the training, skills or awareness to know how to protect their devices from cyber attacks. That’s why it is also important that companies support and capacitate their staff to identify risks, to know what to do should they suspect a breach, and to support them in getting the right security software and hardware to prevent cyber attacks.
It’s also important for companies to be aware of the risks associated with working remotely, so that they can think of solutions and how to mitigate these risks. It is helpful for employers and employees to have a shared understanding of risks and solutions, which should be clearly defined in a remote work policy. This helps employees understand their roles and responsibilities and the consequences for non-compliance or security breaches.