Friday, 30th July 2021

The hidden cybersecurity dangers of remote work (and what to do about them)

By Darren Guccione, CEO & Co-founder of Keeper Security.

The long-term implications of COVID-19 have been a point of endless discussion among businesses ever since the world went into lockdown back in March 2020. Since then, the rise of remote work has become a catalyst to transform the very fabric of modern workplaces for all of us. In some ways, the introduction of wider remote working has been a positive thing. Many people have been given the opportunity to spend more time with their loved ones and take hours of their day back by skipping the commute.

However, there are also some potential drawbacks. Notably, remote work has made businesses more prone to cyberattacks given they have less control over the devices and their connection to the company network. Unaddressed, these risks can have a crippling effect on organisations. It is therefore pivotal that businesses take action to address the dangers remote work brings sooner rather than later.

Building up the walls

Businesses need to be fully prepared for a prolonged increase of cyber risks associated with remote work. To sufficiently arm themselves against any threats, they must assess the current processes, systems, and policies they have in place to defend themselves. Organisations cannot afford to simply ignore the risks, regardless of whether their workforce is operating remotely or not. The current state holds cause for concern, with nearly three in five UK businesses without a clear and specific remote work security policy in place. In the current climate, the lack of these policies is a serious issue.

When businesses do begin to roll out such policies, they should be combined with an extensive cybersecurity education programme for all employees. In fact, research suggests that two-thirds of UK businesses have not provided their remote workers with any form of cybersecurity training. This is particularly worrying given employees are an organisation’s first line of defence. With cyberattacks becoming more sophisticated, the onus is now on employers to train their teams accordingly to quickly and confidently identify attempted data breaches.

The way businesses think about and store information such as user credentials or critical files needs to take a front seat. Businesses must incorporate zero-knowledge encryption to protect these files so that, should cybercriminals breach a company’s defense, they will be unable to access any encrypted information. A centrally managed cybersecurity platform allows companies to protect their credentials by quickly and easily resetting them and revoking access to existing users to stop criminals in their tracks.

A multitude of physical and virtual threats

As most businesses have been forced to work remotely in some capacity, employees are finding themselves with access to sensitive and confidential information in their own homes - and often on their personal devices. Research has found that UK businesses are also very

concerned about the potential risks of attacks on their employees due to a lack of physical security in employees’ homes. However, even with the most cutting-edge home security systems in place the threat of people accessing devices - physically or virtually - in a home environment is still very real, with the research findings suggesting that one third of attacks in the last year were caused by compromised devices.

Previously, access to virtual information was primarily provided via devices that were all in the same physical, often corporate, space and thus easier to monitor and safeguard. However, as employees have adapted to the working world away from the office, devices being compromised both physically and virtually now represent a very real risk to the business. But it is not just the physical threats that are worrying organisations. The virtual space is also becoming increasingly dangerous, as businesses are considered an increasingly lucrative target for cybercriminals.

Figures suggest that almost 60% of UK companies were subject to a cyberattack this year, with half of those malware-based. Malware attacks have become the tool of choice for those looking to financially profit from such attacks. However, this year has also seen an increase in cybercriminals using phishing attacks or social engineering to access user credentials, then abuse them to disrupt organisations or sell to the highest bidder on the dark web. Research has shown that 62% of businesses globally, and a worrying 79% of companies in the UK, have seen an increase in phishing/social engineering attacks since the beginning of enforced lockdowns due to the pandemic.

These statistics demonstrate the continued importance of how organisations must keep cybercriminals at bay by being able to actively manage and, if necessary, disable user credentials.

The migration from the office to the kitchen table, makeshift desk or study has been vital in ensuring the continuity of businesses and the UK economy. But as affected businesses rush to get operations back up and running again, the cybersecurity implications have been enormous. The good news is it is not too late to fix this. If UK businesses take stock now of their remote work policies and systems, re-evaluate them and put adequate cybersecurity solutions in place, they will be well prepared to fend off the inevitable barrage of cyberattacks heading their way in the future.

With hope on the horizon and a COVID-19 vaccination schedule in place, businesses are looking ahead...
By Dr. Andrew Shields, Head of Quantum Technology at Toshiba Europe.
By Rani Osnat, VP Strategy at Aqua Security.
Nigel Thorpe, technical director at SecureAge Technology questions whether security by design will e...
By Adam Philpott, EMEA President, McAfee.
Everyone is petrified of ransomware attacks right now, and with good reason. The attacks have penetr...