Even if your company has already adopted remote work (or hybrid work, as in some on-site and some remote) as a standard method, this question has probably crossed your mind. Maybe it still is. Kudos to you and your team for taking the security risks seriously and for bearing in mind that there are two sides of every coin. But thinking long-term, is remote work worth the risks that they create?
Many Reasons to Make Remote Work Work
You know that light at the end of tunnel that we’ve all been squinting at since early 2020? It’s getting larger and brighter. And so is the fact that the work-from-home model is here to stay. According to a Gartner survey, 47 percent of organizations plan to give employees the choice of working remotely full-time once the pandemic is over, and 82 percent would permit remote working some of the time.
The appeal of remote work lies in its benefits to employees, employers, and even the society at large:
- Employees who don’t have to commute to work every day enjoy a better work-life balance, less commute stress, and cost savings.
- Employers can save money as well, such as by downsizing office space and hiring talent that they wouldn’t have access to if they were limited by geography.
- The society benefits because remote work reduces congestion and pollution, allowing everyone to live healthier lives.
To be real though, the attractions and benefits are not without its share of downsides. The cybersecurity risks created by remote employees working from various locations while using personal and work devices are among them. Let’s take a closer look at the impact of remote work on cybersecurity.
Yes, Cybercriminals See Remote Employees As Easy Prey
Imagine that you’re a moderately skilled cybercriminal (you’ve earned your hoodie but you aren’t hacking into the Pentagon quite yet), and your goal is to obtain any juicy data that you can sell on the dark web. Would you rather target an organization whose security perimeter resembles a fortress or one whose employees are out there in the open, ignoring the fact that they could be targeted at any moment? Of course, the latter option seems like the way to go. And real-life, human cybercriminals agree.
An AT&T survey of 800 EMEA cybersecurity experts found that 70 percent of large businesses (with more than 5,000 employees) believed widespread remote working was making their companies more vulnerable to cyber-attacks. Small businesses are feeling the heat as well, and most are even more concerned about cyber-attacks in the near future, according to ConnectWise’s 2020 State of SMB Cybersecurity report.
Their concerns are well justified because phishing attacks surged nearly 400 percent since the outbreak of the pandemic, and the average weekly number of ransomware attacks has increased 93 percent over the past 12 months. Even ransom payments are larger than they’ve ever been, reaching an average of $154,108 in Q4 2020, up from $84,116 in Q4 2019.
Managing Risks of Remote Working
Cybercriminals won’t stop seeing remote employees as easy prey until organizations address the most common work-from-home cybersecurity risks, which include:
- Poor password hygiene
- The use of unsecured Wi-Fi networks
- Improperly configured personal devices
- Dangerous web browsing and email habits
- Unencrypted file sharing
The good news is that these and other remote work cybersecurity risks can be managed right now by you and most don’t cost a dime outside of the time and effort it takes to plan then communicate.
“Businesses who initially compromised on cybersecurity to speed up the transition to homeworking are taking a tremendous risk,” said John V. Slamecka, region president EMEA & LATAM, AT&T Business. “They must address cyber risks now to provide for business continuity and help protect their workforce and business for the future.”
All—and we do mean all (include the CEO on the meeting)—remote employees should receive cybersecurity awareness training to better recognize and avoid common cyber threats. They should also agree to a remote working policy that provides clear guidance on everything from password creation and storage to the use of personal devices for work-related purposes.
Organizations should also support their remote employees by providing them with technical solutions to protect sensitive data, such as multi-factor authentication (MFA), virtual private network (VPN), password manager, and full-disk encryption, just to give a few examples.
THE GOOD NEWS SIDE NOTE: Many companies already have access to these kinds of tools; they just don’t know exactly where to access them or how to use them properly. Contact us if you’d like us to help you locate them and set them up.
Secure Your Remote Employees with HDCav
These and other cybersecurity improvements don’t have to stop or even pause what you do every day. As long as they’re implemented well, they can decrease the risks of remote working and make it well worth sticking it out for the long term. We understand the risks of remote working and we offer a full range of managed IT services to help organizations in Kitsap County address them as effectively, affordably, and comprehensively as possible. Contact us today and let’s talk about getting those remote employees of yours as secure as possible.