Whilst the benefits are undeniably attractive, therein lies a threat: cyber attacks on remote workers. Flying too far away from the corporate nest does not come without issues, as organisations face heightened vulnerabilities that must be addressed.
Knowing there would be far fewer people in the office following the Euro 2020 finals, this was the perfect opportunity for a cybercrime group to strike. Businesses of all sizes were left offline and with no way to trade. On May bank holidays, the group struck again. Having encrypted over one million IT systems, the ransom was set at a staggering £50 million in bitcoin. The growth in cyber-crime has been well documented, with experts giving a stark warning that attacks will become more frequent and could result in even more lost business.
Why do companies need remote worker cyber security?
In today’s digital battlefield, we can see cyber security as the ultimate shield, put in place to protect companies’ sensitive information from being stolen and used against them. Key targets may include customers’ data, financial records, and trade secrets. If this were to happen, organisations risk dire consequences ranging from financial losses and legal retribution, to loss of customers as well as their trust. The only way to ensure this does not happen, and that remote worker cyber security is maintained, is to fortify your defences, learning how they get in and how to keep them out.
Why are home workers at higher risk?
When working from home, the risk of cyber attacks is unfortunately far higher than when working in the office.
This can happen when using:
- A less secure network
- Personal devices with poor security
- ‘Bring Your Own Device’ policy, as this makes securing each separate device difficult
- Cloud services to store and access data, as any vulnerabilities can be targeted
And when away from the office remote workers cyber security poses significant risks:
- The IT support’s response to, or determination of, a problem becomes a bigger challenge
- People are more susceptible to phishing attacks
- A device containing sensitive information can be lost or stolen
Defining the cyber security remote working threats
Phishing
When our lives are in crisis, we have become used to turning to our devices for guidance and information. This is great to keep employees up-to-date, but unfortunately great for cyber criminals too. Criminals tend to use remote workers’ poor IT security to their advantage, spotlighting current world events to lure people into their phishing emails.
During the pandemic, as more people worked from home and uncertainty about the outcome grew, criminals harnessed this fear of COVID-19. In their emails they claimed that they could offer vaccines and cures, and due to the nature of this article you can probably guess, they could not, and instead installed viruses and malware on the unsuspecting recipient’s device. At the height of the pandemic, a 667% increase in malicious phishing emails was reported by Barracuda Networks, requiring Google to block more than 100 million phishing emails per day!
Insecure network connections and WiFi risks
Insecure networks are remote workers’ kryptonite for many reasons. Say you decided to escape the house to work from your local cafe, let’s have a look at a few possible cyber attacks you could encounter simply by logging into their WiFi.
Firstly, man-in-the-middle attacks (MitM). This person will essentially hijack data transmissions, stealing and altering the data being exchanged.
WiFi eavesdropping occurs when cybercriminals use tools designed to capture unencrypted data that is sent over the unsecure network. This puts your sensitive data at risk, including login or financial details.
Faux WiFi networks draw you in, ensnaring you with similar names to the legitimate network. When working remotely, it’s so easy to fall into this trap and innocently connect, but whatever you do in that cafe can then be monitored, and you are left vulnerable to attacks.
Weak endpoint security and lack of antivirus measures
Antivirus measures work by detecting malicious code, such as ransomware, stopping the virus in its tracks, before it has time to obtain any of the data it’s searching for. Using AI technology endpoint security software keeps itself up to date with evolving remote worker cyber security threats, keeping your remote working devices secure at all times. It is crucial that you keep up-to-date with the latest measures to avoid these cyber attacks and malware infections, ensuring remote workers are secure when away from the office.
Insider threats
We usually picture somebody hunched over a computer in a dark room, we don’t know them and they don’t know us. However, this isn’t always the case, as threats to cyber security can come from the inside. Deloitte released data from a survey conducted in 2021, that reported 26% of respondents feel keeping sensitive documents and data enticing, as there is potential to use the information in the event of company bankruptcy or as blackmail if they lose their job.
What we recommend
Sophisticated cyber threats require sophisticated security measures. When working from home you must stay vigilant and knowledgeable, always ensuring you:
- Use a secure VPN
- Keep software up-to-date
- Utilise multi-factor authentication
- Regularly backup data
- Encrypt sensitive data
- Avoid public Wi-Fi
- Invest in a dark web monitoring service to identify compromised emails and passwords
- Enable mobile device management for any corporate laptops and mobiles
- Adopt employee training to: raise awareness of phishing emails, ensure strong passwords are used, ensure that security incidents are reported, make company security policies understood
Working from home has so many undeniable benefits for both company and employee, and although there are risks, if properly safeguarded against, these cyber threats are a non-issue. Cybercriminals should not have the power to interfere with day-to-day functions, so if you don’t give them an inch, you don’t have to give them a dime.
How Cyber Security Awareness can help with remote worker cyber security
With our new cyber security offering we can give you the fishing rod and the fish, helping to provide a blend of products that ensures your staff are constantly protected from any threats and are trained to identify threats to your network perimeter. Find out more by contacting Cyber Security Awareness on 01256 379 977 or email us at sales@cybersecurityawareness.co.uk.
