Remote work has become part of many fields, and it is likely to last beyond the COVID-19 public health crisis. However, as a business owner or IT professional, it’s vital to recognize the increase in risk to your company that comes with remote work.
Internet Access for Remote Work
Many companies sent employees into remote work environments without significant preparation. Unfortunately, while your company may have all the proper security measures, that does not mean employees have the same security measures at home to protect company data.
For example, Wi-Fi access points can be set up with varying levels of security. Some employees may only have a five-character password on theirs, use coffee shop Wi-Fi, or share an access point with a whole apartment building. Without proper education, employees will continue to endanger company data unwittingly.
Physical Security
While your offices may have security measures like access control, work devices at your employees’ homes are not usually protected in the same way. As a result, even something as simple as an employee working remotely and forgetting to lock a screen can become a data breach.
Additionally, employees working from public places constitute a unique cybersecurity concern. A moment of inattention can result in the devices going missing or becoming damaged. Unfortunately, these are not rare occurrences.
Targeted Cyberattacks
Cybercriminals are also aware of how remote work has become increasingly the norm without proper infrastructure and security. Many businesses have not invested in proper security practices for their edge networks. It’s important to ensure company networks are hardened against common attacks from the internet such as common attacks like DDOS.
While VPNs take a significant amount of risk out of remote work, a VPN is only as good as its connection. If a cyberattack occurs on your business that disrupts the internet connectivity at your office it can prevent employees from being able to connect to the VPN to begin with. In that case, your employee cannot work and loses productivity for the day.
Lack of Work-Life Divide
Remote work may benefit many people, but it also has drawbacks. One of them is the blurred line where the clear delineation between work and home was. In addition, the extended hours make employees more likely to make small mistakes at work.
A recent survey also found that half of office workers see their work device as a personal device. This can make employees more careless when it comes to cyber threats. As an example, they may download and install applications that expose more risk to the business. It becomes crucial that devices being used at home are monitored properly for good security hygiene. Introducing not only anti-virus, but also new technologies like EDR (end-point detection and response) is essential. EDR can help to monitor company assets for not just regular malware infections, but also strange behaviour on a workstation that may indicate malicious software or security breaches.
Phishing and Other Attacks During Remote Work Periods
Unfortunately, cybercriminals know how many people are working from home as well as you do. That means increases in email-based attacks like spear-phishing or CEO fraud are on the rise. Educating and testing employees is often the best way to manage this risk.
Web application cyber attacks are another risk, and often pose a more sophisticated type of attack than an employee clicking the wrong ad online. Hackers can add malicious code on sign-in, alter database records, and steal your employee’s credentials using these constantly available applications online.
Ongoing training, security scanning, and application hardening are the best ways to avoid these varieties of cyber attacks, especially during the current remote work environment. If you do not control the web app, ask the vendor what their procedures are. They should be able to answer the question thoroughly.