Why Remote Working Leaves us Vulnerable to CyberAttacks
There are significant cybersecurity concerns associated with a remote or hybrid work model. This is an issue that more and more companies will have to grapple with. — in a recent Gartner survey, more than 80% of company leaders announced their intention to allow employees to work from home at least part of the time, even after their offices reopen.
This corresponds with a similar FlexJobs survey, in which 65% of respondents said they’d like to be full-time remote and 31% preferred a hybrid model — a total of 96% who prefer some degree of flexibility in their physical location.
But whether the recent remote work surge is here to stay or not, these security concerns will need to be addressed. Cyber crimes are at an all-time high, and remote employees are especially vulnerable. Here’s what to keep in mind.
Physical Hardware Security
Physical hardware security is simply the ability to keep track of hardware that might have sensitive company or client information on it — typically phones and laptops. If you issue your remote employees with company laptops, you can take all the appropriate precautions concerning login information, encryption, downloading data, installing unauthorized software, and so on. What you can’t control is whether your employee will accidentally leave that laptop at a coffee shop.
This is a more common issue than you might think. According to Security Boulevard, 86% of IT practitioners report that someone in their organization had a laptop lost or stolen — in 56 percent of cases, that loss led to a data breach. If your workforce goes from a few executives or salespeople to hundreds of employees working remotely, the chances of a lost or stolen laptop rise dramatically.
Personal vs. Company Hardware
This issue is compounded even further when employees are using personal hardware. When they’re using work machines, you can at least exercise some control over password protection, data encryption, which networks it will connect to, and which software is installed. In most cases, though, remote workers are using their personal computers, which you can’t control at all.
You can encourage best practices, attempt to keep important data local to the company servers, and implement IT policies to address these issues, but the fact remains that remote workers’ hardware presents significant risks.
Unsecured Wireless Networks
Network security is another significant problem for IT specialists with remote team members. Many of your team members, whether you institute a policy against it or not, will want to work from coffee shops, libraries, bookstores, and other locations with open wi-fi networks.
It’s all too easy for a hacker to set up their own wi-fi hotspot that pretends to be a legitimate wi-fi network, allowing them to intercept all of the data sent through the network. This might include login information, sensitive emails, credit card numbers, and even security credentials.
Even if your employees aren’t connecting to open networks, they’re not necessarily safe. Many people (including individual users) are still using outdated routers with default login and password information, allowing anyone who’s physically in range to take control of the network. A VPN and proper encryption protocols can help, but if your employees are using their own hardware, you can’t force them to use the right tools.
Mixing Personal and Company Data
According to many IT specialists, one of their biggest challenges is the practice of forwarding company data — emails, logins, even sensitive files — to their personal accounts and devices. “One of the main mistakes we’ve seen is moving company data to personal e-mail accounts,” says Henry Trevelyan-Thomas, Tessian’s vice-president of Customer Success.
“When you do that, it’s likely you don’t have any sort of two-factor authentication. This then makes it easier for attackers to exploit that data. If data is leaked, attackers compromise it and it can end up in the wrong hands.”
Talk to Madison Taylor Technology
As the workforce and workplace continue to change, there will inevitably be growing pains. Whether remote work remains a prevalent factor for the indefinite future or not, the world of cybersecurity is increasingly complex and will require diligence and expertise to keep up. If you’re ready to start taking the cybersecurity of your company seriously, contact Madison Taylor Technology today. We’re a full-service technology consulting company ready to assist with any of your company’s current or future technology needs.
Begin a Conversation
Have a question? Want to connect about a problem? Interested in getting started? Whatever it is, we’re here when you need us.