The Top Risks in Remote Working

April 22, 2020

We examine the top security threats organisations face when many employees are working from home, and the steps organisations should take to mitigate them.

Following the uptake in remote working as a result of the coronavirus pandemic, there has been a 92% increase in cyber-attacks, according to VMware’s Carbon Black Global Threat Report.

Many companies that were inexperienced in remote working had to plan, deploy, and support users in a very short space of time, just to keep their businesses running. Standard risk management took a back seat as the race was on to get employees working again.


Technical Consultancy Director, Neil Douglas, outlines the problems faced by many small and medium-sized organisations in operating with a decentralised workforce:

“We now have a perimeter-less office without the security protections that office systems afford us – such as firewalls – making us more vulnerable to cyber-attacks.”

“As working from home is here to stay for the foreseeable future it’s vital that measures are put in place to protect organisations from hackers, while their employees are working remotely.”

“Robust authentication is the backbone of secure remote working; without it, it’s only a matter of time (in some cases minutes) before you are breached, and a lack of detection methods only compounds the problem.”

9 Cyber Security Risks of Working from Home

  1. Non-technical business owners and boards who don’t fully understand the risks involved in remote working.
  2. Weak Identification and Authentication Methods including poor password protection and employees not using multi-factor authentication.
  3. Poor Firewall Configuration on home firewalls that gives easy access to cyber criminals.
  4. Insecure Locations & Networks, including public locations or insecure home environments such as shared accommodation or living close to neighbours, which can open the door for digital eavesdropping.
  5. Inability to Update Systems due to lack of access to corporate systems management tools.
  6. Loss or Theft of Data/Devices such as USB devices or company laptops, especially when employees return to the office occasionally as organisations adopt blended ways of working.
  7. Social Engineering: isolation can mean remote workers are less likely to ask a colleague about a phishing email or a phone call that pretends to be from the IT Support Team.
  8. Legacy Applications can easily be deployed using insecure firewall ports and insecure network protocols, leading to loss of sensitive data.
  9. Bring your Own Devices (BYOD) used to access company data and applications can often have little or no control measures in place.

As a first step, organisations should consider having a security professional carry out a risk assessment of their remote working. This can lead to developing a robust company remote working policy and processes. An audit should also check your current inventory for missing patches, and appropriate action should then be taken.

Organisations should implement strong authentication by reviewing password and lockout policies and user password guidance. Monitoring and detection tools should be used for critical data.

When working from home, staff should be supplied with a corporate firewall to be deployed behind their home user firewall. Organisations should also consider using always-on virtual private networks to provide secure remote access to the company network and applications, backed with strong authentication.

Workforce Education

The workforce should be educated in cybersecurity risks, including the eavesdropping risk. It should be assumed that all Wi-Fi networks are insecure, and deployments should take place through always-on virtual private networks (VPNs).

Employees should also be educated on using Multi-Factor Authentication (MFA) wherever possible for access to your network. If you are implementing MFA on a personal mobile, it’s important to put the user at ease about how it’s used.

User awareness training on the increased risk of social engineering attacks such as phishing is critical when you have a large part of your workforce working from home.

Employees working from home should be trained in working with files remotely and provided with the applications and tools to work remotely so that data is correctly backed up or synchronized off the device. Devices that leave the office should be encrypted and a Bring your Own Device (BYOD) policy should be developed and enforced rigorously through audits.

Conclusion

The COVID-19 pandemic will undoubtedly be a step-change in the way we work, leading to a big permanent increase in remote working. Taking action to protect your mobile workforce will help set up your organisation to take on future challenges with confidence.
