Before the coronavirus crippled our economies and forced us to work indoors, we were already taking our work home with us. More than half of us were working remotely at least one day a week.
Moreover, when asked, 99 percent of people said that they would prefer to work from home rather than being at the office every day from nine to five.
Once the COVID-19 pandemic hit, almost nine out of ten organizations arranged for their employees to work from home, resulting in almost 1.5 billion remote workers worldwide.
Most experts believe that the pandemic has been a catalyst for lasting change. Even after the pandemic is behind us, the world will still rely on remote work, and more than a third of us will be able to work from anywhere on the planet full-time.
However, for all of its benefits, remote working poses a few challenges to organizations, the biggest of which pertains to security. Remote working threatens data security and may affect the overall integrity of business systems. As the number of remote workers increases, the concomitant threats will increase as well.
As a result, organizations need to be aware of the possible threats and how to best face them. Here are some greatest threats to data security that come with remote working:
#1 Unsecure networks
When your employees log on to the internet, they may be doing so from an unsecured network, which jeopardizes both their personal information and information related to their company.
If your employees use public wifi to access the internet, they face two types of security threats.
To start with, other malicious actors on the same network may be able to tamper with your employee’s device, especially if there isn’t a firewall between them. The second problem is that individuals may be able to spy on the traffic between your employee’s device and the internet.
Alternatively, if your employees are relying on home wifi, this presents its own host of problems. If the home network is protected by a weak password, any hacker will be able to break into the network with little to no trouble at all.
Additionally, seeing as home wifis don’t have IT managers working daily to keep the security up-to-date, these networks tend to be guarded by weak protocols such as WEP rather than WPA-2, which, again, doesn’t pose any real challenge to an advanced hacker.
You need to teach your employees how to establish a secure network. One thing they could do is use a virtual private network, also known as a VPN. VPNs encrypt the incoming and outgoing traffic on your employee's device and also look out for any indications of an infection.
It is worth noting that VPNs can differ greatly in the services they provide as well as their pricing. You will need to shop around a bit to find the right VPN provider for your employees.
#2 Problems associated with emails
One of the main drawbacks of remote work is the near absence of in-person communication; after all, we can convey a lot of nuances with the tone of our voice and with our body language. And, to make up for lack of face-to-face communication, your remote workforce will have to rely on exchanging emails.
This increases the likelihood that these emails will contain sensitive information in addition to personal information. Should these emails be intercepted in any way by a third party, this could have damaging consequences for your company.
Another threat that comes with this reliance on emails are phishing attacks. Out of all the different types of possible cyber attacks, phishing attacks are probably the biggest culprits responsible for the largest number of data breaches.
A phishing attack is when a hacker sends your employees an email that seems legitimate for all intents and purposes. Yet, this email will contain malicious links or software that will give the hacker access to the employee's device when clicked.
With COVID-19 running rampant, the threat of phishing attacks is more prevalent than ever. According to Google, more than 18 million phishing emails were sent daily, all of which were used to lure people into scams related to the coronavirus.
Initiatives like the US’s stimulus package make it easier for malicious individuals to muddy the waters, sow disinformation, and exploit people’s fears.
So, how can companies face this kind of threat, especially during uncertain times like these?
To protect sensitive information, companies should ask their employees to use encryption software and to use end-to-end encryption technology when chatting or sending each other important documents. If the emails get intercepted, they still would be protected.
Better yet, even if the employee’s device gets stolen, the encryption software will protect the data on it.
Encryption software can save you from being legally liable. An unencrypted device may lead to important data getting stolen, and in some states in the United States, breaching disclosure laws makes you legally liable.
The loss of important data may subject you to heavy fines. However, if the device is encrypted, the data will not only be saved, but the penalties that result from breaching disclosure won't also come into effect.
The only real solution for phishing attacks is educating employees on how to spot potential phishing scams and how to deal with them. More importantly, you also need to teach your employees what to do if a data breach does occur; even though we are all taught to never play with matches, we still have to perform fire drills regularly in case a fire breaks out.
#3 Physical theft
When your employees work remotely, whether it's on a company device or their own, the device may get stolen, compromising all the data on it.
Hence, employees should be encouraged to take all possible safety precautions. This includes locking their home doors at night, never leaving the device unattended when in public, and never leaving the device in the car. When traveling, employees should keep their devices on their person at all times.
But what can you, as an employer, do about this problem?
We’ve already seen how encryption can make your life easier.
Another solution you might want to look into is securing your employees’ devices. Basically, you can place software on these devices that can protect the data:
- Some tools enable you to lock access to the computer or phone from anywhere on the planet.
- Some tools can erase any stored data.
- Some tools can be used to retrieve backups on the stolen device.
These tools can neutralize any threat posed by a stolen or lost device.
#4 Working on home devices
It is always preferable to have your employees work from company computers instead of their personal ones, and there are a couple of reasons for this.
Company devices can be secured easily. In-house IT teams will be sure to install the latest updates and scan for viruses regularly. They will also block malicious sites and look for any possible security breaches.
None of this is to mention how your company can probably afford high-end security software, the likes of which your employees would never be able to pay for on their own.
On the other hand, personal computers can be risky, and adding them to a corporate network endangers the entire network.
Unless they are technically savvy, most employees are unaware of half of the safety measures performed by your IT team, making their personal computer susceptible to attacks from malicious actors.
Furthermore, when a personal device is introduced to a work network, it can become a chink in the company’s security armor, presenting hackers with a weak point to attack the entire network.
To tackle this problem, companies should consider two solutions:
Seeing as many employees might be unaware of the necessary precautions needed to safeguard their devices, companies should educate them and require them to have up-to-date firewalls, the latest versions of the antivirus software, and the best anti-malware software possible.
It's not enough to enact these safety precautions on personal computers. Employees should learn to take these measures with all their devices, including their smartphones and their tablets.
Employees should also learn how to spot a potential cyber breach. For instance, if an employee finds new programs popping on their device, programs they didn’t install, this might be a sign that they have been hacked.
However, other signs might be a bit ambiguous. For example, even though a computer slowing down might be an indication of a cyber breach, it can also be a result of programs that are freezing the device.
Therefore, employees need to learn how to check and see what programs are running, and should they realize that there is malware running in the background, consuming valuable resources, and making everything sluggish, they need to know how to get rid of these harmful programs.
Another way of reducing the risk associated with using personal computers is to make sure that there are no sensitive files on these devices. This means having employees work through online portals or environments and having all the data saved on the cloud.
As a result, your employees won’t have to download or sync any files on their personal devices. Should these devices get compromised, the damage will be mitigated.
Other safeguards companies can take to protect their data
Even though we've focused on some of the main challenges and how you can face them, you can do a few things to stay ahead of the curve.
To begin with, cloud technology today can take a large part of the security load off of your shoulders, and software such as a cloud access security broker, shortened as CASB, can be a cornerstone of your data security strategy.
You should also make sure that your IT team has full control over any remote device. This will ensure a rapid response should a problem arise.
All that said, there will never be a substitute for educating your employees, training them to be vigilant, and putting in place a strong remote work policy that maximizes cybersecurity.
About the author
Jasmine Williams covers the good and the bad of today's business and marketing. When she’s not being all serious and busy, she’s usually hunched over a book or dancing in the kitchen, trying hard to maintain rhythm, and delivering some fine cooking (her family says so). Contact her @JazzyWilliams88