Whilst remote working has been a positive change for many, it introduces considerations that must be made regarding cyber security. Business owners and IT managers – unless you have proactively considered cyber security for remote devices, you may be putting your business and customers at risk.
During COVID-19, the world saw a sudden and rapid increase in the number of employees working remotely. Many found that this approach to work increased their quality of life, citing an improved work-life balance.
With this improved work-life balance comes a whole host of benefits, including but not limited to increased employee productivity, performance, and retention.
Businesses recognised this, and found it was cost-effective to allow remote working to continue even after the pandemic.
Now, in 2023, it is commonplace for businesses to employ workers that use their own devices for work, in their own homes or wherever they may be. Around half of workers in the UK report working at least one day from home (ONS).
We know that most businesses now take some form of action towards enhancing their cyber security: approximately 80% of businesses in the United Kingdom take some action to identify cyber security risks (GOV).
However, do the owners of these businesses consider the new challenges and considerations that come with remote workers? Do they understand that they must take extra steps to ensure their cyber security scope is inclusive of remote employees?
Both businesses and individuals may unknowingly misplace reliance on cyber security tools and frameworks without realising that they don’t cover remote devices.
The prominent risk factors of employees working remotely include:
Remote workers will use their own WiFi networks, which may not be secure to the same level as your business network. Wireless routers use encryption to protect communications from hackers and these must be configured and strong enough to be effective.
Employees may also work whilst connected to a public network such as in hotels and cafes, which increases risk for man-in-the-middle attacks where a hacker may intercept communications and use this to access your business network.
Poor firewall configuration making it vulnerable to cyber attacks.
Home devices may have unpatched software due to not being scanned by the business. This creates an opportunity for exploitation by malicious actors.
Home devices may have poor antivirus measures due to a lack of policy extension.
Employees likely don’t see their home devices as needing to follow password policy, so they may use passwords that are easy to target by brute force or password checkers.
Whilst your organisation likely has a back-up of its files for its on-site devices, are your remote devices backed up?
Corruption or user error could easily lead to a total loss of data in these devices.
A single compromised device could lead to data leaks that prove heavily problematic to your organisation, breaching the privacy and safety of both employees and customers. Furthermore, if a hacker remains undetected then one intrusion could lead to a chain reaction of events.
The potential consequences are unlimited and unpredictable, demonstrating the necessity of a cyber security scope that is inclusive of remote workers.
Good cyber security policy implementation should always involve the consideration of remote workers and its implications. Complacency in this area can lead to catastrophic consequences.
To ensure that your remote workers are secure you must use management tools that cover remote workers.
On remote devices these should include:
Extend your information security and cyber security policies to remote workers including:
Adherence to any information/cyber security standard will be also affected and relevant changes will need to be made to address the associated risks and implement the mitigation strategy.
Recognising that remote workers need the same amount of security and management as an in-house worker is vital. Perhaps they might even need stronger protocols and protection, due to the potentially increased risk of network-based attacks.
Using software like Cyber Safe that integrates remote workers as a priority is an approach that all organisations can take i to provide visibility of their cyber security posture.