More and more companies are letting their employees work from home. In fact, millions of workers reported working remotely in 2019, and there's a clear trend forming with remote work becoming more and more accepted.
And it's easy to see why. Remote working allows employees the flexibility and autonomy of working where and when they want, increasing productivity and reducing stressors such as commuting or office politics. More and more employers are starting to view offering work from home as an essential part of attracting and retaining top talent and reducing business costs.
This trend will only be strengthened with the recent Covid-19 lockdown restricting movement and physical contact between individuals. All across the US, companies are rapidly enacting measures to protect the health of their employees – including instituting remote working policies when possible. More than 30 million office workers in the US will be working from home due to the coronavirus, according to the US Bureau of Labor Statistics.
Many organizations have already developed secure systems to support remote working, and there's a huge offering of tools to make working from home more efficient. However, changing the way businesses operate on such a grand scale can lead to severe disruption and exposures. Nowhere is this more pronounced than in the increased vulnerability to data breaches and cyber-attacks.
Let's discuss the potential cyber risks and exposures of working remotely, and what your company should do to minimize them.
Cybersecurity Risk Factors of Working Remotely
Using Unsafe Wi-Fi Networks
Employees using their home WIFI networks for work or accessing their business accounts using unsecured public Wi-Fi could lead to severe exposures. In an office environment, most employees will be connected to business servers by Ethernet cables or will access a protected Wi-Fi network, which ensures that all data is kept secure. Additionally, most businesses have security systems set up – firewalls, encryption protocols, and blacklists of dangerous IPs that reduce the risk of cyber attacks considerably.
Without these protections, it's easier for cybercriminals to compromise home or public networks and spy on the employees' connections, which would allow them to access confidential information and more easily compromise the company's cybersecurity.
Social engineering scams and phishing attacks are the leading cause of data breaches. Cybercriminals send seemingly legitimate, deceptive emails with malicious links or outright requests for sensitive information. Once an employee clicks on this malicious link or sends over information willingly, a cybercriminal can access the employer's devices or business accounts.
Phishing attacks are a serious problem even without the added risk of working from home.
Working remotely and strictly communicating online makes fake messages harder to verify, and easier to trick their potential victims. After all, it's entirely natural for an employee to be asked to complete a quick task or provide sensitive information via email in this new, remote working environment. And without the possibility of checking face-to-face, it's easier for employees to fall prey to one of these tactics.
There has been a 600% increase in reported phishing emails since February, with many of them taking advantage of the confusion and uncertainty caused by the Covid-19 pandemic.
Attacks on the New Infrastructure
Remote working won't just worsen the existing cybersecurity concerns. Companies looking to support their employees working from home will rapidly be creating additional online infrastructure. This will mean increasing their communication and collaboration capabilities, adding new data storage and processing solutions, and creating tools and services to allow their employees to remain productive and efficient.
This increase in infrastructure will create more entry points for cybercriminals, and reduce the time IT departments will have to test and set up the necessary protections. The larger internet-facing perimeter will make companies more vulnerable overall, but especially increase the risk of attacks on the company's servers and DDoS (distributed denial-of-service) attacks. A DDoS attack disrupts the normal functions of a company's server, service, or network by flooding it with unwanted internet traffic. And with everyone working remotely, these attacks will be more dangerous than ever. An attack could cripple the whole company by preventing remote workers from accessing the necessary tools and services to carry out their duties.
Managing the Cybersecurity Risks of Remote Working
We've covered how switching to remote work can negatively impact your cybersecurity efforts and create new avenues of attack for cybercriminals. Now let's dive into what your company could do to prepare for these attacks and how to manage the increased cyber risks.
Raise Cybersecurity Awareness
It's more important than ever for every employee to understand the importance of cybersecurity. Conducting company-wide security training and creating materials such as self-service guides, cybersecurity checklists, training videos, and FAQs that will help your employees understand the potential threats and how to do their part in keeping your systems safe. A joint effort by everyone in the company will help your IT department immensely.
Ensure Device Security
All devices that your workforce uses should have only approved applications installed and have all the necessary cybersecurity tools. Conducting an inventory of all devices that are being used is a good idea, and will help ensure that no unauthorized devices are accessing your systems.
Ensure Safe Connections
All access to your networks should happen through virtual private networks (VPNs) with two-factor authentication enabled. This will prevent cybercriminals from gaining access to the sensitive data transferred by your employees.
Provide Your Employees with the Right Tools for Remote Work
Your remote workforce should have access to licensed and secure tools for communication and collaboration. These tools will enable your teams to work more productively while preventing the proliferation of questionable software and services that could compromise your cybersecurity.
Invest in Insurance
Data breaches and cyberattacks can be financially crippling for most companies. This is why it's wise to manage this potential fallout by investing in insurance. The right cyber insurance policy will enable the company to transfer most of the costs associated with cyber-related attacks to the insurer. A preferred policy will offer both first-party and third-party coverage. First-party coverage includes the cost of business interruption due to the attack or breach, computer forensics to discover how and why it occurred, expert audits and improvements to your cybersecurity, notification of the potential victims, credit monitoring services, and reputation management. The third-party coverage will protect you if you are sued for financial damages that result from the data breach.
Guest post courtesy of Obren Jankovic