Many organizations allow employees to carry some work home as the strategy increases productivity and provides more flexible schedules among other advantages. However, working remotely introduces some cyber risks that threaten the organization’s cybersecurity posture. It is therefore necessary for every organization to be familiar with the different types of risks associated with remote working approaches before implementing such a move to reap on its numerous benefits.
Home Setups are Often Insecure
In most cases, a home setup that features a network connection and devices used to access confidential corporate data may have insufficient security. For instance, it may lack a defense in-depth approach such as the use of VPNs, antivirus solutions, firewalls, and intrusion prevention systems which are certainly used to secure an organization. Rarely will an enterprise enforce such security measures to protect important data and provide basic security in residential environments where employees might be working from remotely. In effect, there is an increased possibility of a breach occurrence or compromise of authentications needed to access the company’s systems from home.
Employees tend to uses several devices
Employees frequently use more than one device when working from home to access important information or for other work-related reasons. This complicates the implemented efforts for protecting data as every device used is a potential entry for system threats. For instance, the employee’s laptop may have sufficient security controls but using an insecure smartphone may enable cybercriminals to compromise the organization’s cybersecurity posture. It is imperative for users to observe predetermined security policies governing the use of personal devices to handle work-related tasks. If the policies are non-existent, an organization should put effort to create employee awareness to help them ensure that every device has some form of protection, including basic security measures like password mechanism.
Remote Working Leads to Increased Data-Sharing through the Internet
As compared to an office environment where employees use secured communication infrastructure and intranets to communicate and exchange information, work from home interactions are increasingly dependent on the Internet connectivity. This is a huge risk since public Internets are insecure and often full of malicious actors. The connection used may contain several flaws that can be compromised to allow a cybercriminal to intercept every piece of data transmitted through the wide area network. This calls for a more secure approach for communicating important information and it may comprise of using secured applications for file sharing, sending and receiving emails, or using secure VPNs.
Logistical Challenges Hamper IT Support
Just like employees working on-site, remote workers often require the support of the IT department, specifically due to diverse security issues. Distance and logistical challenges may prevent the IT department from efficiently providing the required assistance. For example, if the internet connection is breached or during cyberattack aimed at data theft, the IT support may not be able to prevent the attack remotely, and this challenge can lead to incidents with devastating consequences.
Tips to Enhance Cybersecurity for Work from Home
- Create a policy that requires remote workers to use company-issued devices
- In case employees are permitted to use their personal devices, ensure that the hardware is equipped with efficient security controls
- Reduce the internet cyber risks through VPN use
- Train employee on basic security practices – protecting their devices, using complex passwords that should be changed regularly
- Develop and implement a disaster recovery and business continuity plan that will guide in recovery efforts in case of a data breach on a remote workstation
- Purchase a cybersecurity liability insurance to help in recovery in case of an incident
Latest posts by George Mutune (see all)
- Compliance Regulations and the Future of Cybersecurity - July 31, 2019
- The Complete History of Cybersecurity - July 20, 2019
- Cybersecurity Risk Assessment – Made Easy - June 9, 2019