How to improve cyber security with a remote workforce
Remote work can introduce new cyber risks, e.g., using personal devices to access sensitive data. This guide can help companies manage remote work cyber risks.
Managing cyber security can be hard enough for any organisation, but the rapid growth of remote working can introduce even more risk management challenges. With workers not in the office, their use of both corporate and personal devices may differ, which can affect data security. Remote work can also introduce risks such as employees accessing business applications on potentially less secure WiFi networks, especially if they’re working from a public place.
Businesses need to adapt their cyber security posture to protect against these new types of cyber risks. In this guide, we’ll look more closely at some of the new cybersecurity risks that can coincide with having a remote workforce, and we’ll examine some of the ways to address these new cyber threats.
Cyber security risks related to remote working
While much remains to be seen regarding how companies adapt to having a remote workforce, the quick shift to remote during the height of Covid-19 introduced new cyber security risks. Previously, 71% thought their organisations “were effective at mitigating risks, vulnerabilities and attacks,” but that dropped to 44% during the pandemic, according to a study commissioned by Keeper Security, conducted by Ponemon Institute.
As one example of a new threat, 47% of respondents to the Keeper Security/Ponemon Institute survey say the lack of control over remote workers’ physical security is the most concerning security risk.
Without the physical security a company might have in place within an office, such as ID badges, corporate devices and data security could potentially be at greater risk. An employee might accidentally leave their computer at a coffee shop when working remotely, or an unscrupulous visitor to that employee’s home could come across sensitive data.
Another new risk area relates to how remote workforces access corporate systems and information. The same study found that around two-thirds of IT staff worry about employees using their own devices to access important applications and IT infrastructure. Personal devices might not have the same security in place that prevents cybercriminals from then gaining access to corporate information.
Yet providing corporate-owned devices to a remote workforce isn’t automatically a cure either. Over two-thirds of employees use corporate devices for personal use too, according to a CyberArk study. That could then lead to employees accidentally downloading malware or visiting an untrustworthy site on a company-owned computer, for instance.
Building a robust cyber security plan for a remote workforce
Given the many different types of risks that remote working can introduce, companies may need to adapt their cyber security strategies. Doing so can require a multi-faceted approach, as a remote workforce needs to both have the tools and technology in place to manage data security, while also having proper risk management training that helps them recognise cyber threats and make better security choices.
Educating employees on remote work cyber security
In general, companies can often do more to educate employees on cyber security and assess their preparedness, such as through phishing email tests. But it’s particularly important to educate a remote workforce on remote-specific policies and best practices, given that employees may be even less familiar with these new risks.
“Training is crucial to help your teams to become cyber-aware. Plan a program of learning, with a mix of online learning, classroom (virtual or real-world) and regular advice by email,” advises Kaspersky, a cyber security software company.
In particular, companies should educate remote employees in areas such as:
Rules for using corporate devices: You might not want to ban personal use, but instead be realistic about balancing risk management with providing a good employee experience. Perhaps you can ask employees to avoid certain risks like downloading personal software, but you can allow other activities like browsing reputable websites.
Rules for using personal devices: Remote employees may be on their personal devices more as the lines between work and life blur, so set clear rules for what and how business information/systems can be accessed from personal devices. For example, you might be fine with employees accessing their work email from mobile devices, but you might ask that they set up device passcodes and two-factor authentication for email apps in case their devices fall into the wrong hands.
Recognising remote-specific risks: Cyber criminals can unfortunately be clever and come up with situational scams. For example, they might send out phishing emails that trick employees into thinking they’re downloading something that enables remote work. Train employees on what to watch out for.
Start improving cyber security for your remote workforce
In addition to educating your remote workforce about cybersecurity risks, it can also be helpful to use technology to manage some of the risk that comes from being outside the office. Virtual private networks (VPNs), for example, can be used to enable remote employees to privately access corporate networks, as home WiFi networks or public ones may not be as secure.
Other ways to use technology include enabling two-factor authentication, as previously mentioned. That way, even if a remote employee has their login credentials compromised, there can still be another layer of security, such as with a code being sent via text message to complete a login. Yet around one-third of employees say their companies have not added login protocols since Covid started, according to an AT&T survey in the U.K. and Germany.
Cybersecurity software can also be a big help. Holistic cybersecurity systems can extend cyber threat monitoring to the many endpoints used to connect to corporate networks by a remote workforce. They can also often identify malicious websites, spot phishing attempts, and block attempts to install malware, among other protections.
Start improving cyber security for your remote workforce
Remote work can be great for things like employee experience and attracting talent from any location. But it can also create new cybersecurity risks. So, it’s important for your company to adapt accordingly.
If you’re ready to explore your options to upgrade your cyber security system, Software Advisory Service can help. We're a technology consultancy using procurement best practice and data insights to save companies time and money. Our goal is to make business technology procurement simple, transparent, and cost-effective. Click the button below to book a consultation at your convenience. We won’t charge you anything, and we won’t share any of your project details without your explicit approval.
5 reasons to choose a best-of-breed FMS
Both financial management systems (FMS) and ERPs can help organisations manage their finances,...
3 key benefits of invoice automation
Invoice automation can provide benefits such as fewer errors, time savings, and improved cash ...
7 benefits of using a WMS
A warehouse management system (WMS) can help businesses in several ways, such as gaining real-...
5 HR considerations for hybrid working
When migrating to a hybrid-working environment, HR teams need to consider several factors, suc...
Must-Have CRM Features
A CRM today must be more than just a database. This guide explores important features, ranging...
Introduction to VoIP
In this introduction to VoIP, we’ll dive into what businesses need to know about this technolo...
Accounting Software Benefits for SMEs
Accounting software can offer several benefits for SMEs, such as increasing efficiency. This g...
Key features and benefits of cloud
Cloud services provide many valuable business features, such as the ability to access software...