How to Maintain Business Cybersecurity in the Age of Remote Workers
author: Dakota Murphey
Remote working is becoming increasingly common. According to recent figures, 66% of business now offer remote working, and around 16% of employees are completely remote. Remote workers offer a huge benefit to businesses, allowing companies more flexibility to bring in expertise or reduce the need for expensive office space. But in spite of the growth of remote working and the benefits it can offer to companies, there are potential issues too, and one of these comes in the form of cyber security.
Remote workers can potentially present a number of cybersecurity risks to organisations, and cybercriminals are finding more ways to exploit these weaknesses. In this blog we take a look at the challenges for business’ cybersecurity in the age of remote workers, and what organisations can do to mitigate these risks.
Understand the risks of using remote workers
Firstly, it is important to understand some of the risks that remote workers present to organisations. Whether these are permanent members of staff who work from home, or they are freelancers who connect with the business and access its systems and data, they add a layer of complexity to keeping organisations secure.
A 2018 survey revealed that nearly half of businesses in the UK have experienced data loss or breach as a direct result of mobile working. Some of the major factors here are that businesses may be less able to enforce their security policies with remote workers, as well as a lack of commitment to security practice and risky behaviour from remote staff. However, there are many things that organisations can do to reduce the risks.
To accommodate remote working, businesses are moving to the cloud as it offers increased flexibility and scalability and this is creating additional security risks. Working through the cloud can put users at the potential danger of denial of service (DoS) attacks, as well as having their accounts hijacked.
Set a remote working policy
It is important for companies to set a strong remote working policy that sets out what remote workers need to do when they carry out work away from the office. This includes the devices that are used, as well as how data is sent between devices inside and outside of the network.
It may be the case that you should require workers to use remote access in order to view company data and IT infrastructure and that any devices used must be encrypted and password protected.
Approve software and tools
There can be a real problem with shadow IT in business. This refers to the practice of staff installed software and applications without the knowledge of IT staff. While this might seem commonplace, it can actually cause huge problems.
Your IT team should review and approve software and tools that staff are able to use – and this is something that should apply to remote workers too. Ensure that when staff work remotely, they are only making use of approved applications and software, as it is often a problem when individuals use software that has not been updated or patched.
Invest in behaviour monitoring
It is absolutely essential that businesses should invest in strong cybersecurity. The nature of remote workers and the evolving level of sophistication of cybercriminals means that you should take a proactive approach to keeping all staff secure. This could involve utilising software like security information and event management (SIEM) which analyse network traffic to help identify threats across networks.
“Security information and event management is a set of threat detection technologies that combine to provide a holistic view of an organisation’s cyber security posture.” – Redscan.
Many SIEM solutions now offer User Entity and Behavioural (UEBA) analytics to help better identify compromised accounts, privilege abuse and other suspicious user activity.
Continuously train staff
It is important to provide staff with regular training on their responsibilities with regard to cybercrime, as well as how to spot phishing emails. It is especially important that this training should be regularly updated with sessions providing up-to-date information.
Tips for remote workers
There is also an impetus on remote workers to do more to ensure that they are working safely and not doing anything that could potentially allow the business network or data to be compromised. Of course, any steps taken should be signed off by the security team beforehand, but in general remote workers should:
- Never send sensitive data using public wi-fi
- Connect using a Virtual Private Network (VPN)
- Ensure that they are setting a strong password
- Save data on secure cloud-based services rather than on a device
- Ensure hardware and software are regularly updated
Businesses should feel confident using remote workers as they can offer a huge range of benefits – but it is important that they should take all the necessary precautions. Understanding the risks and putting powerful defences in place can make this practice highly secure.