For many businesses, remote working has become a normal practice. Working away from the office had been on the rise for the past few years, but many organisations were pushed to begin embracing it from March 2020.
Since then, businesses have solved teething issues like remote collaboration and a lack of equipment. But what about the security implications?
Remote working brings with it a new set of cybersecurity challenges. We already know that your employees are your weakest link when it comes to your IT security; 95% of security breaches begin with a human error. Cybersecurity education is vital to ensure that your remote working policies are followed closely.
This education begins with ensuring your workforce does not make some of these commonly made mistakes.
Switching between personal and work devices
Remote working can blur the lines between business and personal life. That means employees could slip into bad cybersecurity habits – for example, using work devices for personal tasks and vice versa.
A survey by IBM found that over half of remote workers use a personal device to carry out their work. Business data is more likely to be compromised on a personal device, especially if people external to the business are using it. Employees won’t have business-grade security solutions installed on their personal devices and, with no IT supervision, they may have unknowingly installed malware or bloatware.
Equipping your employees with up-to-date technology will mitigate this risk. But if that’s not possible, there are other options. Implementing cloud-based solutions for communication and file storage can ensure they’re protected. Data-loss prevention tools will also add a layer of security to their personal devices.
Clicking on dangerous links
This isn’t a risk only associated with home working, but it’s amplified in this setting. Phishing emails in the UK increased by an eye-watering 667% in the early stages of the pandemic. The analysis recorded 1,188 phishing emails in February, rising steeply to 9,116 in March.
Cybercriminals are also taking advantage of the pandemic itself. The study found that 2% of phishing emails were COVID-themed, capitalising on widespread fears about the virus. Some scam emails are impersonating the World Health Organisation (WHO), leading it to issue guidance on spotting fake emails.
Education is vital to avoiding falling victim to an email-borne cyber-attack. By empowering your employees to spot the signs of a suspicious email, file, or link, you’re strengthening your first line of defence. You can educate your staff in many ways, from mandatory training courses to tools which simulate phishing attacks. One of the best methods is to tap into the expertise of a managed IT services provider; it’s their job to hire the best cybersecurity professionals.
Employees aren’t installing vital security updates
It’s easy to fall into bad cybersecurity habits without the watchful eyes of your IT team. That’s certainly the case for 20% of remote workers who are not regularly installing updates for the tools that enable them to work from home, such as Zoom.
Many people see software updates as a nuisance. That’s why education is again vital to helping your people understand their importance. But having a back-up plan is important, too. There are tools you can use to force your users to update their devices within a certain timeframe.
Education will also help your people to understand why they should install updates on their mobile phones.
Employees haven’t enabled multi-factor authentication (MFA)
A strong cybersecurity defence includes strong password policies – however, this can often be overlooked or even put aside for most employees as something ‘to do later’. Sometimes their passwords might also not be strong enough to fight against cyber hackers.
With that being said, the risk of passwords being compromised can be mitigated by including the use of multi-factor authentication (MFA).
MFA is the process of employees providing multiple forms of verification to prove their identity before logging into secure business systems. This simply means that when an employee attempts to log in, it can ping an approval request to their mobile phone. It also then considers other forms of user identification such as biometrics.
An MFA system can even be set up to require authentication repeatedly on a cycle to safeguard business systems in the event a remote employee leaves their machines unattended for a period of time.
In the event there is suspicious activity, such as an employee receiving an approval request despite not logging into their account, they can send this to your IT team to investigate and stop potential hackers in their tracks.
Utilise remote working safely
Remote working has a lot of benefits, including increased productivity, improved employee mental health, and reduced costs in office space. But it also has its challenges. Barry O’Donnell, Operations Director at managed IT services provider: TSG, says, “We’ve advocated the benefits of remote working for a long time, but it’s not without its challenges.
“We’ve identified the most common security threats for remote employees, so businesses aren’t punished for keeping their employees safe and productive. The fixes we’ve recommended aren’t costly or time-intensive, so organisations will be able to make their remote workforce secure in no time.”
Cybersecurity should always be a high priority for businesses, but it takes precedence for organisations with a high percentage of remote workers. By putting these measures in place, you can rest assured that your remote workforce won’t compromise the security of your business.
Bio:
Barry O’Donnell is the Chief Operating Officer at TSG, offering managed IT services in London, with expertise across a range of areas including Office 365, Dynamics 365, document management and business intelligence.
Sources:
https://www.infosecurity-magazine.com/news/covid19-drive-phishing-emails-667/
https://www.itgovernance.co.uk/blog/the-cyber-security-risks-of-working-from-home
https://www.wrike.com/blog/tips-avoid-remote-work-security-risks/
https://blog.usecure.io/the-role-of-human-error-in-successful-cyber-security-breaches