The world continues to grapple with the long term impact of the COVID-19 pandemic, and organisations are compelled to sustain remote working arrangements for their employees. In the haste to quickly adapt to the new and evolving work environment however, it appears that one essential concern has taken a back seat: security.
IT company Hewlett-Packard recently released Blurred Lines & Blindspots—a comprehensive global study assessing organisational cyber risk in today’s remote working era, and in it, a number of worrying, albeit unsurprising, findings were revealed. Of the over 8,000 office workers surveyed:
70% admitted to using their work devices for personal use;
- 69% disclosed that they were using personal laptops for work; and
- 30% said they allow others to use their work devices.
These are all practices that create additional vulnerabilities for organisations and their data. Indeed, while work from home arrangements have their benefits, they also come with their own set of security challenges. Let’s get to these issues one by one.
Common security risks with remote working
-
Phishing schemes
Even when we’re well into the digital age, phishing schemes still top the list of security vulnerabilities. The modus operandi for phishing is simple: User receives a message, usually through email, from a seemingly legitimate source complete with an official-looking logo and email address. The message is designed to trick the user to click a link that would download malware to the device or to provide login credentials or personal data that could be used for fraudulent transactions.
Remote working has made employees more vulnerable to phishing because many are using personal laptops for work which are not equipped with the same safeguards as those on corporate-owned devices. Plus, it’s easy to make errors in judgement when a user is stressed or distracted with home tasks, and given that many phishing emails are COVID19-themed in the form of fake charity, health alerts, and government updates.
-
Insecure home networks
The internet may seem ubiquitous these days, but the fact is, reliable and secure internet isn’t accessible for all remote workers. Some of them may opt to work instead from coffee shops which provide public networks that are far from safe. Users of public wifi are at risk for unencrypted connections, data theft, session hijacking, and other dangers.
Those who are able to work from home using their own wifi are sadly, not that safe too. Unlike corporate networks that have firewalls to monitor for any malicious activity, most home wifi networks are not protected by the same security initiatives. Users also rarely bother to update their home router software which adds another security risk factor.
-
Working from personal devices and computer sharing
Whether by choice or out of necessity, the reality is that many employees working from home are using their own personal devices, and are even sharing this same device with other household members. Personal computers and laptops are nowhere near as secure as desktops in the office and company-issued laptops.
Sharing of computers also contributes to the risk for remote workers and the organisations they work for. A teenaged son/daughter, for instance, can inadvertently download malicious software from their digital games or from browsing social media sites. Other users can fall victim to phishing schemes too, and when that happens, it puts all the files and data in that particular laptop or PC in danger as well.
-
Weak/shared passwords
It’s already 2021 and poor password practices are still very much an issue. For one, many employees continue to use weak passwords while working remotely. This purportedly allows them to remember passwords easily without needing assistance from remote IT support. But then again, this practice also makes it easy for malicious actors to access their devices and walk away with sensitive information.
In addition, when employees share devices with a housemate or family member, chances are, the password to that PC/laptop is shared too. Worse still, many users admit to using the same password across different applications — from social media accounts to work systems. Once a password is compromised or stolen, both personal and work information are at risk.
How to address remote working security challenges
Organisations that are serious about minimising security risks from a remote workforce should evaluate the practices of their employees while working remotely. Here are some tips that can help address the current security challenges:
-
Ensure that employees engage in smart cybersecurity behaviors
Just because employees are working from home, doesn’t mean they can let their guard down. It’s essential for businesses to remind employees of the risks they face and what they can do. Security training should be given to all to boost awareness on phishing attacks, password protection, the importance of software updating, and others.
-
Have clear security policies in place
While a lot hinges on how employees conduct their work outside of the office, the company itself should have policies that set clear security guidance. For instance, are employees allowed to use personal devices? Can they work outside the home and connect through public networks? Make protocols unambiguous and accessible to all employees.
-
Provide top-notch remote IT support
Remote workers need to be assured that they can still rely on IT people if they run into technical problems. A remote IT support team also helps ensure that employees are able to follow remote working best practices because they can consult with the right people immediately should they need assistance in password resetting, dealing with spam emails, software updating, and others.
-
Use cloud solutions
There are many applications available today that address the security risks of remote working. Desktop-as-a-Service (DaaS) for example, allows employees to access virtual desktops and applications over the internet while sensitive data remains in the company’s (or the third party provider’s) secure servers. Employees may also use cloud storage solutions when saving their work and other data. This reduces the chances of important information falling in the wrong hands in case a device is stolen or compromised.
With remote working becoming more prevalent, companies should be ready for the security risks that come with it. If the measures you’ve implemented so far seem inadequate for the need, it’s time to consult an IT managed service provider to see what else you can do to have your mobile workforce work safely and securely.