Remote work allows us to be more flexible and helps avoid CO2 emissions from work-related travel. And since the start of the Covid-19 pandemic, remote work has become a common practice valued by both employers and employees. However, working remotely poses a cybersecurity threat to companies, especially when staff members are unaware of the additional risks. Read our article to find out more about these risks and get a handy checklist of cybersecurity best practices that you can download. [By Lisa Mohsmann]
The Covid-19 pandemic sparked a diffusion of remote work practices all over the world. And as both companies and their employees learned during this time, working remotely comes with some major benefits: It enables employees to work more flexible hours, manage work alongside child or elderly care, improve their environmental footprint, and even just stay at home on a rainy day.
Remote Work Is Here to Stay
These benefits have led to a widespread acceptance of remote work. According to a 2022 survey by McKinsey, 58% of Americans are able to work remotely at least once a week and 87% of them choose to do so. One in three employees can even work from home entirely. Another interesting outcome of the study is that, alongside traditionally remote-work-heavy sectors like IT, Finance, or Design, an increasing number of people in legal, educational, or health-related occupations are doing at least part of their work from home.
Remote Work Comes With Plenty of Challenges
What many people do not realize is that in terms of IT security, managing remote work poses a unique challenge.
A study conducted by HP in 2021 revealed that 76% of office clerks say that working remotely due to the pandemic has blurred the lines between their work and personal lives. More specifically:
- 50% of the surveyed employees use their work devices for private purposes
- 27% use them to play games
- 36% stream content online
- 40% use them for online education
- 27% have let others use their work devices.
For IT experts, this is when warning bells start to go off: all these behaviors have consequences that go beyond the work-life balance of the individual employee. According to the above study, most IT executives associate sharing work devices, or using them for purposes that are not work-related, with a substantial increase in their company’s risk of a security breach.
Further security challenges in a remote work context can arise due to:
- Bring Your Own Device (BYOD) policies which limit IT technicians’ abilities to manage and oversee deployed devices and software
- Employees in geographically dispersed teams who have fewer opportunities for exchange with their coworkers and may be more vulnerable to scams
- Users who are not always connected to their company network, as they may be tempted to connect to public or unknown Wi-Fi networks which cybercriminals can then use to penetrate corporate devices
Most Companies Are Not Ready for Cyberattacks
The above-mentioned behaviors of remote workers have indeed (among other factors) contributed to a surge of cybercriminality since the start of the Covid-19 pandemic. Accenture estimates that the number of cyberattacks in 2021 was up by 21% compared to 2020 – for an average of 270 attacks per company throughout the year.
The problem is that many companies are ill-equipped to fend off these attacks. Positive Technologies calculates that the network perimeter of 93% of companies can be penetrated by cybercriminals. Moreover, according to the ISACA State of Cybersecurity 2021, 61% of organizations indicate they are understaffed when it comes to cybersecurity professionals.
On the upside, organizations are beginning to make security a priority. A survey conducted in 2022 by the Enterprise Strategy Group found that 69% of companies have increased their cybersecurity budget in 2022.
A key to improving an organization’s IT security management is to educate the end users. Users who know how to detect a potential scam and who follow certain cybersecurity best practices contribute greatly to keeping company data safe.
Best Practices Your End Users Can (And Should!) Follow
We have developed an exportable checklist of cybersecurity best practices, explained in non-technical terms, that you can share with your end users:
- Make sure you are connected to your company’s network, avoid using public Wi-Fi, and never connect to an unknown network.
- Do not click on suspicious links or attachments. If you are unsure, talk to your coworkers or reach out to the IT department or provider.
- Be suspicious of calls and texts from numbers you do not recognize, and never share sensitive information over the phone.
- When you encounter a scam, report it to your IT department or provider right away.
- Create strong, unique passwords for all logins. Ask your contact in IT about employing a password manager if you are not already doing so. Use two-factor authentication when possible.
- Check the website URL before you enter login information and be suspicious when asked to change your password.
- Do not install software or browser add-ons unless they are provided by your organization.
- Comply with your organization’s software updating (patching) policy.
- Even at home, make sure you lock your device when you are not using it (press the Windows key + L on Windows, or Cmd + Ctrl + Q on Mac). When on the go, never leave your device unattended.
- Back up your data regularly using your organization’s cloud storage.
- Be careful about what information you post online. Cybercriminals can use your personal data to harm you and your organization.