[By Greg Hatcher, Founder & CEO — White Knight Labs]
Remote work surged in popularity out of necessity during the COVID-19 pandemic but seems to be here to stay, thanks to its unique advantages. One study by Upwork estimates that 22% of the American workforce will be working remotely by 2025. However, with the rise in remote work also comes an increase in cybersecurity challenges spurned by the circumstances of remote work.
Cybersecurity in an office setting is relatively straightforward, as the IT department can manage a firewall that can help protect on-network devices from threats. Of course, some threats — such as email scams — may still filter through, but the office setting is generally much more controlled. Many more endpoints must be secured when dealing with remote employees, as they represent potential vulnerabilities for the organization and its data.
Cybersecurity challenges in a remote work environment
While some cybersecurity threats of the in-person workplace remain after transitioning to a hybrid or remote environment, others are more specific to remote work settings. A few common cybersecurity threats include:
- Weak passwords: Whether in-office or working remotely, weak passwords remain one of the most common threats to an individual’s cybersecurity. Reused passwords are particularly dangerous for remote workers. If their online behavior for personal use compromises one of their passwords, and the employee reuses this password for one of their work accounts, the hacker could access the organization’s sensitive data.
- Ransomware: Ransomware attacks gain access to critical systems and extort money out of the victim to return the data. Due to the increase in the use of software like virtual private networks (VPNs), virtual desktop infrastructure (VDI), remote desktop protocol (RDP), and cloud storage in the light of remote work, bad actors have more targets for their ransomware attacks. Remote workers must remain hyper-vigilant of potential ransomware attacks — such as phishing scams or trojan horses — to protect their and their company’s data.
- File sharing: To better enable collaboration, many companies have begun using software like Dropbox or Google Drive to share files, but these cloud-based file-sharing services present a cybersecurity risk to companies because they offer an easy route for wrongdoers to disseminate malware to the entire organization. Virus-scanning software can help users detect corrupted or infected files before downloading them.
- Unsecured Wi-Fi: In the era of remote work, many individuals have turned to public spaces, such as coffee shops or restaurants, to provide a change of scenery from their home office. However, with public places come unsecured Wi-Fi networks, which can pose a substantial cybersecurity risk. Hackers can take advantage of public Wi-Fi’s lack of security measures to steal information like passwords or even take over accounts entirely, though this can be resolved by requiring employees to work only from secured personal networks.
- Personal devices: Another substantial cybersecurity risk companies face during remote work is using personal devices for work purposes. Although individuals tend to be more careful with work-issued devices by only visiting safe, work-related sites, they visit a wider variety of websites on their personal devices. When there is a cross-over, employees’ work accounts could be compromised by their personal activities. At a minimum, employees should set up separate user profiles on their devices for work and personal use.
Endpoint security for remote workers
Endpoint security is the practice of securing the network endpoints, which are the devices used to access the organization’s data, including laptops, tablets, smartphones, and any other device. In an office setting, many of these endpoints are company-owned and managed, but when dealing with remote workers, these devices are owned and managed by the individual.
Still, employers may institute specific requirements to ensure their data is secure despite devices being owned by the user. Some of the most common methods of protecting endpoints in remote work ecosystems include:
- Strong passwords: The first and most crucial step employees should take to protect their data in a remote work environment is always using strong passwords. Regardless of whether the account is for work or personal use, it is essential that passwords are not reused and that they have an adequate level of complexity to make it more difficult for hackers to get into their accounts.
- Home networking: Remote employees should take care only to work from networks they know are secure, such as their homes or family’s homes. Furthermore, proper security measures should be put in place on these networks to protect them from outside threats. For example, the password on the Wi-Fi network should be strong and not something that can be guessed by someone else, such as a phone number or pet’s name.
- Antivirus and internet security software: Employees using personal computers and other personal devices must use sufficient antivirus and internet security software. These programs offer a line of defense when a user makes a mistake and accidentally leaves themselves vulnerable to malware attacks.
- Email security: Implementing robust email security practices can also help protect remote workers’ cybersecurity. A strong spam filter can flag any suspicious emails an employee may receive, ensuring they do not accidentally open attachments, and many email hosts offer features that let users scan files for viruses before downloading them.
- Identity management and authentication: Companies transitioning to hybrid and remote work environments should also invest in identity management and authentication procedures. For example, two-factor authentication (2FA) requires users to authenticate their identity before accessing sensitive data. This ensures that even if a user’s passwords are compromised, a hacker cannot access the accounts without physically possessing the user’s device.
However, the most effective method of cybersecurity is a proactive approach. Educating employees about best practices is the best way to ensure that data remains secure. For example, employees should be taught about safe email practices and how to vet if an email is legitimate — even if it comes from a seemingly trustworthy source, as it could be a hacker impersonating someone known to the user.
Remote work has offered numerous benefits for workers and organizations alike, but just because employees are no longer in the office and are not using company-owned devices does not mean the responsibility for cybersecurity goes away. Organizations must protect their data by implementing proper security measures and educating employees about responsible practices.
Ad