Cybersecurity Risks And Tips For Remote Workers

Remote Work

Cybersecurity risks and threats have been on the rise as more and more employees started working from home after the emergence and spread of COVID-19. From Ransomware attacks to scam emails, companies saw their once secure network turn into an open park for hackers.

Organizations suddenly had to deal with the massive change in the work environment and tackle widespread online attacks. They had not made sufficient provisions for electronic and phone communications and against cybersecurity risks.

A study of UK IT decision-makers even found that around 57 per cent of them believed remote workers would expose their businesses to data breach risks.

Christine Sabino, a senior associate at Hayes Connor Solicitors said that companies even ignored simple data protection practices in the hurry to set up work from home practices.

HP recently conducted a comprehensive global study analysing the cybersecurity risks involved in remote work and published the same in Blurred Lines & Blind spots. The study found that evolving work styles and behaviors are giving rise to vulnerabilities for companies, people, and their information. Around 70 per cent of 8,443 employees surveyed, the study found, admitted to using their work devices for personal use, and 69 per cent admitted that they use personal laptops for office work. Around 30 per cent of employees working from home, the study found, allowed someone else to use their office work device.

Unsafe activities like these opened businesses up to cybersecurity threats leading 54 per cent of IT decision-makers to witness an increase in phishing cases and 56 per cent of them to see an increase in internet browser-related infections.

Let's take a look at some of the most common work from home related cybersecurity risks:

Working with personal devices

personal work

Many remote workers log in and work from their personal laptops or other mobile devices. Unfortunately, many companies follow this policy, often called Bring Your Own Device (BYOD). Allowing employees to use their personal devices for work gives rise to risks such as your confidential data remaining on their devices when they leave and security lapses caused by un-updated software.

There are also chances of employees leaving their devices in places from where they can easily be stolen. It causes a greater risk of data loss or breaches, especially if the device is not locked or has no security feature.

Weak and lazy passwords

password

Passwords may not be the ultimate or most advanced security feature, but they are often the first protective barrier against cybersecurity risks.  This barrier is, however, useless if not crafted with care and fortified. Many work from home employees are sloppy when creating passwords and come up with codes that are easy for a hacker to figure out. Passwords that are also not changed for long periods of time are also subject to the risk of getting deciphered.

Sharing of passwords with co-workers, multiple sites

password sharing

Another practice of many employees that only serves to add insult to injury is the sharing of passwords. While it is wrong for employees to share their passwords with their coworkers, another practice is a major malpractice. It is the use of one password for multiple sites or access points. Famously, whistle-blower Edward Snowden could access numerous sites without authorization because his colleagues had given him the passwords.

Using unsecured Wi-Fi networks to access sensitive information

unsecured Wi-Fi

For one or more reasons, employees sometimes use public unprotected Wi-Fi networks to access their work accounts, allowing malicious individuals the opportunity to spy on and harvest sensitive information. It is one of the major causes for concern related to the cybersecurity risks of working from home, especially when data is transferred without encryption, making it easier for cybercriminals to intercept and steal the information.

Sharing of files without encryption

file sharing

Employees communicate a lot of personal information on a daily basis, from customer account information to files and more, that you, as an employer, can’t afford to leave them vulnerable to cybercriminals. Identity theft and fraud, Ransomware attacks, and other issues arise when confidential business information is intercepted.

Phishing scams

phishing

Employees who work from home pose the greatest risk to a company’s security and confidential information by unwittingly following some of the worst cybersecurity malpractices. One of the biggest security risks to remote workers is phishing. Phishing is when a person or entity poses as a legitimate source and contacts others, usually through emails, to trick them into divulging private information like login credentials. This compromised data is then used to steal more information, break into locked accounts, or commit identity fraud. Phishing schemes have become so advanced that they have become harder to detect and make it past filters into an employee’s inbox.

Weakening of security controls

security controls

Now that workers have suddenly taken their office devices home to work remotely through their personal Wi-Fi, it has stripped them of all the defenses that usually secure the office network. Now that NAC, IDS, and NGFW or proxy servers are no longer available to remote workers, client devices will remain unprotected and vulnerable to unsecured networks among potentially hacked devices. Furthermore, the security of the internal network could be jeopardized, seeing how employees working from home now require access to resources that were previously only available on a wired network in a single location.

Attacks against remote-working infrastructure

Cyber attack

Aside from eroding existing safeguards, the creation of new networks will introduce additional risks. Brute force and server-side assaults must be avoided, and a distributed denial-of-service (DDoS) defense will be necessary. It will be the first time that a DDoS assault can potentially kill a company by prohibiting remote workers from accessing services online. Both of these types of attacks can expand dramatically, according to researchers.

Working from home cybersecurity tips for remote workers
  • Use comprehensive antivirus and internet security software at home. This is one of the safest ways to protect yourself from any cyber attacks at home.  

  • Don’t share your work devices with family, friends, or others.

  • Always keep “Find my device” enabled.

  • Keep updating your operating system and software.

  • Buy and use a sliding webcam cover. Unplug any external webcams when not in use.

  • Always use a VPN, at least when connecting to public unsecured Wi-Fi networks.

  • Enable two-factor authentication where needed.

  • Make it a practice to use a centralized storage solution.

  • Secure your personal Wi-Fi network.

  • Ensure that all your passwords are strong and secure. Change them regularly.

  • Be on guard for email scams and the security of your email. Don’t click on links or open attachments from emails you don’t recognize.

  • Don’t overshare your screens, and be mindful of what is in your background during video calls.

Work from home security checklist for employers
  • Have a documented work from home security policy. Clearly define what positions are eligible for remote work.

  • Ensure that your employees are not cross-utilizing work and personal devices for office and personal work.

  • Offer cybersecurity awareness training to your employees. Include training for phishing attacks in particular.

  • Ensure that a VPN is used when employees connect to the office network from home.

  • Use secure and end-to-end encrypted platforms for office video teleconferencing.

  • Ensure that your employees use a centralised storage solution and backup data regularly.

  • Ensure that work devices are secured by company-approved antivirus software.

  • Encourage your employees to use strong and safe passwords. You could also opt for a password manager.

  • Encourage your employees to validate their credentials using two-factor authentication.

  • Protect company data by using encryption software to bar access to unauthorized users.

  • Ensure that employees use corporate email solutions instead of personal emails or messaging accounts for storage or transmission of data.

  • Give all employees a set of protocols to follow when the first signs of an account breach are noticed.

Cover your bases but be prepared for the worst

Hackers are always on the lookout for signs of complacency in potential targets. Remote workers, in particular, are at risk and, according to research by Deloitte, work from home cybersecurity threats have increased as remote work has opened the door to new types of data theft. If your employees work from home, ensure that you and your IT team do everything to prevent attacks and are prepared for the worst.