Fundamental Cyber Security for the Remote Worker
The necessity for remote work, brought on by the pressures Covid-19 placed on public health, has turned into a genuine embrace of the practice. Many businesses have abandoned the idea that the office is the only place where employees are productive, and in many cases they have realized their employees are happier and more productive when they are working from home. A great example is an IT support company from London. According to TechQuarters, remote working has been a major success for them – so much so that they have gotten rid of their offices entirely.
Any business can implement remote working. But it should also be acknowledged that there are specific cyber security requirements that come with remote work.
Security Risks of Remote Working
Whether a business is fully remote or just has a few remote workers, it needs to consider the security risks that come with remote work. This is not to say that remote working cannot be done safely; it just means that you need to address those risks specifically so that you can mitigate them. Below are some of the top risks involved.
1. Using Unsafe Networks
A business should have stringent security measures protecting its network, and this extends to remote workers’ homes. A remote employee will most likely be using their home Wi-Fi network when working; in some cases, they might even connect to public Wi-Fi or mobile Wi-Fi networks, which are highly insecure. It can be easy for a malicious user to spy on one’s connection when using unsecured networks, and they can even steal data from the user this way.
2. Using Personal Devices
There are some situations where using a personal device for work can be made safe and secure. However, there are many employees who use personal devices without proper authorization from their IT administrators. The problem with this is that if a business is not managing the device the employee is using, then it is up to the employee to keep their device safe – this includes installing antivirus software, keeping their software up to date (failing to do so could create vulnerabilities), and ensuring that corporate data is encrypted and segregated on the device. If the proper measures are not being taken, the employee’s device will pose a significant risk.
3. Lacking Physical Security Practices
Cyber security doesn’t all take place in cyber space. Basic physical security practices need to be employed. For instance, shoulder surfing is a practice where criminals spy on users in public and quickly discover personal information. Even worse, an employee could be making it easy for people by talking loudly about confidential information while on the phone in public.
4. Using Poor Passwords
People use weak and simple passwords in order to make accessing accounts or devices easier for themselves. Unfortunately, it also makes accessing those accounts and devices easier for hackers and criminals. Weak passwords are a common and consistent security risk for businesses.
5. Unsecured File Sharing
File sharing is a common practice for employees. Data is either at rest or in transit, and businesses frequently encrypt their data while it is at rest on their networks. However, data is also vulnerable in transit, and is less frequently protected there. The fact that employees need to share files frequently is not inherently a security risk, but if a business fails to encrypt corporate data while in transit, and fails to establish organizational file-sharing channels, it will be opening data up to loss, attack or theft.
6. Phishing Scams
Phishing attacks are a frequent security risk whether you’re in the office or at home. These types of attacks can be directed at both work devices and accounts, and personal devices and accounts. They use various social engineering and fraud techniques to get users to hand over information, or to download malicious software that gives hackers access to accounts and devices.
7. Weaker Security Controls
The security controls that a business uses in the office may not apply when employees take work devices home with them and connect them to their home Wi-Fi. What is more, there may be resources that are only accessible over wired networks, and so a business hastily makes those resources available remotely, without replacing or updating the security controls.
How to Protect Remote Workers & the Organization
The good news about remote working is that there are already a lot of solutions available – many of which have been available for years – that allow remote working to be implemented without any more risk than conventional onsite work. Below are the main solutions that a business should be implementing when it has remote workers in the organization.
1. Users and Practices
The behavior and practices of employees and users are among the most important defenses. A business needs to establish a strong security culture within the organization, one that puts emphasis on best practices that users can implement themselves. One example of this is educating staff on the common signs of phishing and other social engineering attacks.
2. Application Management
The more applications businesses and employees are using, the more opportunities cybercriminals will have to exploit loopholes and vulnerabilities. Therefore, a company should compare and vet applications, and ensure they have a high level of security before approving them for use. What is more, remote employees shouldn’t be using unapproved applications on a work device. If there is a BYOD policy in an organization, it should include protecting company apps and data on a personal device.
3. Device Management
Work devices need to be properly managed in remote working scenarios. To start with, a remote employee needs to be trained in, and familiar with, the security protocols of whichever devices they are using for remote work. Physical security measures around those devices (such as locking the screen when the device is unattended) need to be practiced at all times. Businesses also need to implement solutions that protect and manage those devices remotely – this includes mobile device management (MDM) and unified endpoint management (UEM).
4. Network & Cloud Security
Some remote work network security measures that a business should provide to its remote workers include using Virtual Private Networks (VPNs); restricting the use of unapproved Wi-Fi networks (for instance, public or mobile Wi-Fi); providing training for employees to educate them on the security and use cases of different types of networks; and helping employees establish sufficient home network security.