What are the Cybersecurity Risks Associated with Continued Long-Term Remote Work? The majority of the workforce is still working from home due to COVID19. What are the associated risks when we consider a continued and potentially permanent remote working scenario?
Just over a year ago, COVID19 changed the working world as we knew it. To protect ourselves and others, many employees were no longer allowed to go to their workplaces and other crowded places. Companies were rushing to determine the best policies and procedures to avert as much risk as possible while protecting their employees.
Today, those work from home policies are still happening for many companies. Working from home may remain a reality for the near future and potentially permanently for many organizations. What are the cybersecurity risks when it comes to long-term remote work?
Research conducted by Buffer shows that more than 95% of employees surveyed would like to continue working remotely and would also recommend it to other employees. These respondents stated flexibility to work from anywhere apart from home and the workplace as another benefit of remote working.
It is also vital to understand that 45% of the respondents attributed to being more productive while working remotely than at the workplace. 52%, on the other hand, noted that they engage in more meetings with remote working than they did in the traditional workplaces. Based on the above observations, remote working has brought along major benefits despite the few challenges that employers and employees are striving to find solutions on how to deal with.
What Are Some of The Cybersecurity Risks of Long-Term Remote Working?
According to the Buffer survey, 38% of those surveyed were unsure about the future of working remotely in their organization while 46% of organizations will permanently allow remote work. At the beginning of the COVID19 quarantine, employers were forced to rely on the home networks and personal devices of their employees, many of them without the policies and procedures of their corporate networks.
The good news when it comes to long-term remote work is that companies have been given time to prepare and plan for the potential future of long-term remote work. When organizations start with a security plan or framework, their odds of success are significantly higher.
Research done by CISO Benchmark in 2020 shows that companies are struggling to control and monitor their remote workers’ use of devices such as computers and phones. 52% of the respondents agreed that it is so challenging to safeguard their mobile devices from cybercriminals and bullies.
In addition to using personal devices, other cybersecurity risks associated with long term remote work include:
- Weak Passwords
- Phishing schemes
- Insecure Wi-Fi
- Sharing of unencrypted files
- Mobile Malware
- Email Phishing
- Discounted Off-the-Shelf Malware
- SMS Phishing
- Malicious Software
- Ransomware Attacks
Read the 6 Steps to Ensure Enterprise IT Security While Working from Home
Despite all the cybersecurity risks associated with working remotely, it is said that millions of employees do not act securely worldwide. Most of them do so due to carelessness and not ignorance, as they are equipped with all the tips that they need to keep cybercriminals away and avoid data breaches.
According to research conducted by OpenVPN, 90% of IT experts believe that remote workers do not act securely, which leaves them vulnerable to cybercriminals.
Most than 70% of these respondents also believe that remote employees pose greater cybersecurity risks compared to onsite workers.
How Do You Maintain Security When Employees Work Remotely?
Despite the risks associated with working remotely, it is possible to maintain security among employees working remotely.
In our recently released Remote Workers Guide, our CTO Andrew Hamilton describes all the ways Cybriant is protecting our organization while we are working from home because of the COVID-19 outbreak in the US.
In this guide, we discuss tips to secure personal devices and the exact steps to take if you think you have been compromised. Our team deals with highly sensitive data and our remote workers must be vigilant when working remotely. Download the guide and see what steps we’ve taken to prevent our team from cyber attacks.
You’ll also be interested to learn the types of cyber attacks you may see while working from home. Download the guide today and let Cybriant assist your organization during this unique time in our lives.
Now More Than Ever: Hackers Want Endpoints
Hackers understand the global pandemic we are currently experiencing. They also know that whatever you are NOT focused on defending, and they will flow like water to get to it.
Where are you not focused as a defender? That’s where the hacker will go.
Since working remotely has been mandated to slow the spread of COVID-19, focus on your users’ endpoints.
According to the 2019 Data Breach Investigations Report, 94% of all attacks start with email. Be aware that even more users will click on malicious links when they are using their mobile devices.
Related: Top Cyber Security Websites
Mobile Devices Users are More Vulnerable to Phishing Attacks
According to a recent mobile phishing report, there is an 85% increase annually in the rate at which people are falling for phishing attacks on mobile.
Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail needed to identify phishing attacks, such as hovering over hyperlinks to show the destination.
As a result, mobile users are three times more likely to fall for phishing scams, according to IBM.
Finally, the huge amount of personal and corporate data on mobile devices is making these devices the preferred target for phishing attacks.
In fact, in spite of being protected by traditional phishing protection and education, 56% of Lookout users received and tapped a phishing URL on their mobile device between 2011–2016. Fortunately, in these cases the attack was thwarted by Lookout.Before enterprises can achieve comprehensive protection against phishing attacks across all vectors, including the mobile device, security and IT professionals need to understand how current phishing myths muddy the waters and get the facts that will help them make informed decisions on how to protect corporate data.
Defending Your Enterprise While Working From Home
How to Protect Mobile Devices for Remote Workers
For a comprehensive mobile device protection strategy, you need a tool or service for endpoints that can offer a form of antivirus, an EDR-type tool that can record and log instances for future forensics, as well as vulnerability management for mobile.
Your mobile device security strategy should provide phishing protection for:
– Email
– SMS
– Social Media
– Messaging Apps
You should also consider Mobile Threat Defense that defends against:
– Application Threats
– Device Threats
– Network Threats
Managed Detection and Remediation (MDR) for Endpoint Security
Not only does MDR from Cybriant help reduce the time between breach and detection, but we can also help stop the threat before it can fully execute.
Our experts utilize a static AI engine to provide pre-threat execution protection. The static AI engine replaces traditional signatures and obviates recurring scans that kill end-user productivity.By tracking all processes, our team is able to detect malicious activities and use behavioral AI technology to respond at top speed. We can detect and stop file-based malware, scripts, weaponized documents, lateral movement, file-less malware, and even zero-days.
With MDR from Cybriant, our security analysts monitor your endpoints 24/7 and filter out false positives. You’ll receive alerts when relevant threats are detected along with advice and insight from our cyber security team to help you mitigate and respond to the threat.
As an extension of your team, our experts will investigate, triage, and remediate security events and provide executive-level reporting. Remediation may reveal dormant or trojan threat actors that evade network and endpoint detection solutions. Our MDR solution includes leveraging the talents of our experienced team as well as next-generation antivirus and EDR tools that utilize AI.
The MDR service from Cybriant will allow you to protect your organization’s data and reduce your threat landscape against the most advanced threats.
Recommendations from Cybriant
We typically recommend starting with an assessment so our team has a better grasp of where you are in your security strategy. We offer all assessments including:
- Risk Assessment
- Gap Analysis
- Penetration Test
- Mobile Security Risk Assessments
Find out more about our assessments here.
The company should for instance formulate solid remote working policies that should be followed by every employee. Extensive training should be conducted to ensure that each of them understands the policies and can follow every step to the end.
The CPO Magazine recommends additional security tips as discussed below:
- Beefing up all network security– Employees working remotely must ensure that they use VPN all the time as a way of maintaining end-to-end encryption of anything they share. Storing data on the cloud also enhances the security, performance, and reliability of the data.
- Caution must be taken when using personal devices and IT experts must always be on standby to manage and monitor them.
- Having reliable authorization and authentication plans in place for remote workers can also keep off cyber criminals.
- Watching out for phishing threats.
- Securing all collaboration apps.
- Constantly training and equipping employees with safety cybersecurity tips such as using strong passwords, multiple authentications, and using cloud services.
- Setting up plans for crises and critical systems in advance.
References
Remote: Office Not Required by Jason Fried and David H. Hansson
Remote Office: The Ultimate Guide To Working From Home by Crystal Reynolds
Speaking of Psychology: The challenge of telework during COVID-19 with Kristen Shockley, PhD