Dangers and risks for businesses associated with remote work
According to a recent study from OpenVPN, more than 90% of IT professionals believe that remote workers in their company are not sufficiently protected in terms of cybersecurity, while 70% believe that remote workers carry more serious risks than ordinary office workers. Here are just the most basic cybersecurity challenges businesses face with remote work.-
Access to corporate data through unsecured home Wi-Fi networks.
Very often, remote employees connect to corporate networks and use work accounts through unsecured public Wi-Fi connections. This makes it easy for attackers to access their connections and steal sensitive information. Data that is sent unencrypted over regular Wi-Fi networks is very easy to intercept. That is why remote workers are advised to connect to unknown Wi-Fi networks only when using a VPN.
-
Use of personal devices for work.
46% of company employees surveyed admitted to transferring files from work devices to home devices at least once. It is easy to understand that such practices lead to a number of risks. For example, a home device with sensitive company data might be stolen, or an employee might just quit, leaving corporate data on their home device. And if the device software is not yet updated in a timely manner, this opens up a whole bunch of different kinds of vulnerabilities.
-
Non-compliance with the confidentiality regime and disclosure of corporate data in the course of work.
Despite the fact that cybersecurity vulnerabilities are the most common cause of information leaks and hacking of corporate networks, problems often arise simply because of non-compliance with the minimum rules for safe and confidential work. For example, when an employee discusses work projects loudly on the phone or works in a public place so that other people can see his computer screen. Many go off altogether, leaving their devices unlocked.
-
Use of third party tools and platforms.
Another harmful and very dangerous phenomenon, not only in terms of business processes, but also cybersecurity, is the use of third-party tools and platforms by remote employees of companies in their work. If, for example, an employee uses an old version of a poorly protected messenger, stores files on a suspicious and little-known cloud platform, or uses open software products with poor protection that are not approved by the company, the risk of leaking corporate information, which is already rather big, increases significantly.
-
Failure to comply with corporate cybersecurity regulations and leak reporting.
Many small companies don't have any cybersecurity rules at all, and even when they do, they are often ignored by employees. Especially when it comes to reports of information leaks, which were not large enough, according to the employee.
How to strengthen your security while working remotely?
Despite the fact that confidential data leaks primarily harm companies, for the employee who leaked, this also does not bring anything good, and threatens at least the reputation of a careless fool, and at the maximum - dismissal or even, in some cases, prosecution. Let's go through the most basic cybersecurity tips and tricks for working from home.-
Security of network connections.
Since the vast majority of remote workers use unsecured public Wi-Fi networks to connect, the first and foremost recommendation from experts is to use a VPN for work, always and without exception.
“Always use a VPN when connecting to your organization's internal network. This helps prevent most man-in-the-middle attacks. Also make sure your VPN is updated regularly, and be sure to use multi-factor authentication as another layer of protection,” advises Guy Bruneau, senior cybersecurity consultant at Canada-based IPSS.
-
Work device security.
In some cases, employees simply have no choice and are forced to use personal devices to complete tasks. However, the very fact of using personal devices at work is one of the main sources of problems.
“It is desirable that employees have access to the internal network of the organization only from devices owned by the company, and all these devices are under the control of the technical support team. If an employee is forced to use a personal device, it should at least be pre-screened for underlying vulnerabilities. It also makes sense to limit the ability to store, download and copy data to personal devices,” said Tony Anscombe, Chief Security Evangelist at antivirus developer ESET.
-
Authentication and authorization.
Of course, remote work greatly increases the need for multi-factor authentication, access control, and strong passwords.
“Make sure you use strong firewalls and passwords when accessing company systems. Find a decent identity and access management software solution that can help you automate switching and granting different levels of access and technology to remote workers,” recommends Joseph Carson, Principal Security Officer at Thycotic.
-
Protect communication channels and collaboration applications.
The rise of messaging and collaboration apps like Microsoft Teams, Slack, WhatsApp, and others has created yet another channel for hackers to access corporate networks and sensitive data relatively easily.
“One of the problems with platforms like Microsoft Teams or Slack is that they were never designed for secure corporate use, and therefore cannot guarantee the security of the data transmitted through them. Therefore, it is important to pay as much attention as possible to the control of the use of these platforms,” said Anurag Lal, President and CEO of NetSfere.
Short Tips
That was the basics, and here are some more short tips to follow when working remotely so as not to be in the unpleasant role of a fool who framed his company through carelessness.-
Be careful with email.
Email phishing is still one of the main and favorite methods by which cybercriminals infect computers of ordinary users with malicious code and find victims of attacks and data theft among companies.
-
Encrypt important information.
Important information primarily includes personal, medical, and financial information that may be stored on remote devices. Full-fledged encryption in most cases helps prevent leakage if the storage media is lost or fell into the wrong hands.
-
Be aware of your surroundings when working in a public place.
If you work in a coffee shop or other public place, it always makes sense to make sure your laptop screen is not being viewed by other people.
-
Monitor the physical security of your devices.
Never leave your laptop or other devices in your car, remember to close the doors and windows in your home, and follow other basic tips to help reduce the chance of your device being stolen.
GO TO FULL VERSION