As we’ve spoken about before, remote working boomed during the coronavirus pandemic, and has retained a lot of its popularity. Now, in 2024, 14% of employees work from home (ONS). This is still a significant growth in comparison to pre-pandemic stats and won’t be decreasing anytime soon.
While remote working comes with a host of benefits to employee wellbeing, talent availability, and productivity, it comes with its fair share of cons. The biggest disadvantage to remote working (from our point of view) is the heightened risk to cybersecurity.
The top 5 concerns regarding remote working, from a cybersecurity specialist.
Unsecured Wi-Fi networks
Home Wi-Fi networks aren’t built like business networks. Business networks are set up and managed by pros with specialised network security knowledge, whereas home networks run on the default settings chosen during setup. These default settings come with simpler security measures which aren’t as robust. Plus, home networks don’t have firewalls, intrusion prevention systems, or VPNs.
All of this means there’s an increased risk of unauthorised access and therefore a higher risk of data breaches, malware, or ransomware.
Higher risk of successful phishing attacks
Remote workers often work completely alone. This is great for productivity, but autonomy isn’t always a good thing. This leaves remote workers to make their own decisions on potential phishing emails. Remote workers have limited immediate assistance from colleagues, so it’s harder to quickly verify the legitimacy of suspicious emails, increasing the chance of a successful attack. Having a direct phone number to an internal or external IT support team dramatically reduces this risk.
Remote workers are also more likely to communicate digitally and often have inconsistent security practices in comparison to office staff, which further increases the risk of successful phishing attacks.
Weak security practices
Employees are more likely to bypass security protocols when working from home, such as ignoring software updates, not using a VPN, and using weak passwords. With no one else around to remind them, offer advice, or hold them accountable, employees often skirt past these security practices out of ease or habit, putting the company at risk.
Using personal devices
Office workers have access to company phones and devices, whereas remote workers are more likely to have a BYOD (bring your own device) policy. Often, remote workers opt for their own devices simply out of convenience. Providing company devices to every employee is expensive, so remote workers are more likely to be the employees left to provide for themselves.
However, personal devices lack the security controls (firewalls, antivirus, security patches) that company devices have, and they may have unregulated software that could introduce security vulnerabilities. Data leakage is also a possibility, due to the lack of proper data encryption, and personal devices could also lead to unintentional data sharing through email, social media, cloud services, or shared usage.
Working in public places
When working remotely, employees can work from anywhere. While this is mostly from home, some employees will choose to work from shared working spaces, libraries, or coffee shops. Working in public places poses a significant risk to businesses, as these environments have public Wi-Fi networks that are often unsecured and more susceptible to attacks.
There is also the risk of eavesdropping by malicious actors, who could observe screens or listen in on conversations to gain access to confidential information. Of course, there is also the risk of device theft or loss when out and about with company property, which could provide direct access to company data.
Overall, it's the expanded attack surface that's the biggest threat to remote workers. This means there’s an increased number of potential points where unauthorised users can attempt to extract data from an organisation’s systems. An expanded attack surface is more difficult to defend against cyber threats, due to the increased number of vulnerabilities to secure.
Improving remote working cybersecurity
There are several steps companies can take to mitigate the risk of remote working - all of these steps are recommended for office-based staff too, as they're standard cybersecurity practice.
- Require multi-factor authentication (MFA) on all accounts, as an extra step to keep malicious actors out.
- Provide regular cybersecurity training and awareness sessions, including phishing simulations, to keep employees up-to-date and on their toes.
- Apply zero trust policies, so only those who need it have high-level or admin access.
- Establish clear BYOD policies and implement mobile device management to keep devices secure.
- Monitor network activity to spot anything suspicious or unusual.
- Require regular software and firmware updates across all devices - personal and work.
- Create separate networks for work and home devices, as an extra precaution.
- Implement advanced security tools, such as EDPR.
- Require the use of VPNs to increase the security of remote connections.
To increase the security of your remote workers, visit this page and complete the enquiry form. We’ll then have a chat about how we can help you create a more secure home working environment, including all of the above steps.