Remote work has become a highly popular and common practice around the world. According to the latest International Workplace Group report, 50% of employees globally are now working outside of their main office headquarters for at least 2.5 days per week. 80% of the same survey respondents indicated that out of two similar employment offers, they would decline the one that doesn’t offer the remote work possibility. What’s more, 75% of people consider flexible working to be the new normal. So it’s clear that remote work is here to stay.
However, while this practice increases flexibility, improves productivity and enhances work-life balance, there’s a downside to it. The problem here is that there are real cybersecurity issues with remote work that put your company’s sensitive data at risk.
Cybersecurity and Remote Work Statistics
In a recent study, OpenVPN reported that 90% of IT professionals believe remote workers are not secure. At the same time, over 70% think remote staff poses greater risk than onsite employees. So, the good news is that experts are actually acknowledging the security risks of remote work and this is the first step towards addressing the issue.
Image source: Openvpn.net
The Cybersecurity Issues with Remote Work
You may have a fully remote workforce, people who work from home from time to time, or employees who frequently go on business trips. And without a doubt, it’s more difficult to take care of their security than it is to manage your on-site endpoints.
Here are three bad habits related to remote work that your remote workers may be making that endanger your organization:
1. Accessing sensitive data through unsafe Wi-Fi networks
Your employees’ could be connecting to their home wireless network or accessing their corporate accounts using unsecured public Wi-Fi. This way, malicious actors nearby can easily spy on their connection and harvest confidential information. For instance, data sent in an unencrypted form in plain text might be intercepted and stolen by cybercriminals. For this reason, your employees should not be allowed to access any unknown Wi-Fi networks unless they are using a VPN connection.
2. Using personal devices for work
46% of employees admitted to transferring files between work and personal computers when working from home, which is a worrying practice.
At the same time, a trend of allowing employees to use their personal devices at work, commonly referred to as “Bring Your Own Device” or BYOD policy, has appeared.
You need to be fully aware of the issues involved by your employees using their personal devices for work-related matters. For instance, they may suddenly leave the company and hold on to the confidential information that has been stored on their device during their employment and you will not get the chance to erase it.
What’s more, they may not be keeping their software up-to-date, which opens up security holes in your environment. We keep stressing the importance of applying software patches in a timely manner and for a good reason.
Consequently, we would advise against letting your employees use their personal devices at work since it would be difficult for you to control what happens on their endpoints.
3. Ignoring basic physical security practices in public places
Even if cybersecurity is our focus, we can’t completely leave physical security behind when it comes to your company’s sensitive information. For example, there are employees who may be talking loudly on the phone while working in public places, expose their laptop’s screen for the entire crowd inside a café to see or even leave their devices unattended.
Teach your employees even the most basic security measures, even if they may seem like common sense at first glance. A friendly reminder for them not to expose the data of your business will always be of great benefit.
Creating a work-from-home security policy
So, how do you protect your company’s private data when you can’t fully control the devices used to access your network? Where should you start to make sure your remote workforce is secure?
The first step is to create a security policy specifically designed for remote workers. 93% of the IT professional interviewed in the OpenVPN study already have a formalized remote work policy in place and this quite impressive and reassuring.
Below are the essential security clauses that should be included in your remote work policy:
- Clearly define which positions are eligible for remote work.
Be transparent towards your employees. Everyone should be aware which job functions are allowed to work remotely are which are not due to security reasons. Unfortunately, not every position is a good fit for remote work. If you don’t have a clear guide in place, chances are your work-from-home approvals will be judged as unfair.
- List the tools and platforms they should be using.
Both your remote and on-site employees should be on the same page at all times and use the same approved tools, such as cloud storage platforms, communication/video conferencing tools, project management tools, etc.
- Provide employees with steps to follow at the first signs of account compromise.
If they believe the company’s information has been compromised, they should have a clear guide to follow, such as where they should report the incident, be instructed to immediately change their passwords, etc. These steps should be included in their mandatory cybersecurity training, alongside other items such as how to create strong passwords.
What Solutions Your Remote Workforce Should Use For An Increased Security
Here are the fundamental tools that both your regular and remote employees should have installed on their devices:
1. Multi-factor authentication
This type of authentication will act as an additional layer of security on top of your remote employees’ accounts. The more security layers in place, the little the risk of a cyber-criminal to gain access to your sensitive systems.
2. Password Manager
Besides multi-factor authentication, in regards to passwords, your employees should also be using a password manager. This way, they will not need to remember all of the different passwords that they need to set up for their work-related accounts.
VPN connections are crucial when your employees connect to unsecured networks, such as Wi-Fi hotspots, even when they work from home. It’s recommended for your employees to be using your company’s VPN. What this tool does is it routes the traffic through the internet from your organization’s private network, ensuring even more security. Basically, anyone who tries to intercept the encrypted data will not be able to read it. And this way, your employees will be able to connect to your company’s intranet, the private network designed to be used only by your company’s staff (in case you have one).
A firewall will prevent unauthorized access to and from the network, further strengthening the security of your employees’ devices. What firewalls do is they monitor network traffic, at the same time finding and blocking unwanted traffic. So, firewalls are important tools that will protect your remote endpoints against various cyber threats.
5. A strong EDR solution
Last but not least, your system administrators should be able to see the exact details of your endpoints at all times. This is why it’s recommended you deploy a complete endpoint detection and response (EDR) solution, that will allow you to remotely prevent next-gen malware, data leakage, respond quickly to threats, and automatically manage software deployment and patching.
It’s crucial for you to remain innovative and competitive in the current business landscape and allowing your employees to work remotely is definitely a necessary step. Yet, remote work comes with security risks that you should address before you allow anyone to work from outside the office – no matter if we’re talking about permanent remote workers or the ones who do it just a few hours per month. However, only when you will correctly respond to this challenge, will you be capable of fully seizing this opportunity that increases talent retention, productivity, and improves your staff’s work-life balance.
The post What Are The Cybersecurity Issues With Remote Work appeared first on Heimdal Security Blog.