The biggest remote working security risks to your business are an overburdened IT security team, employees using their personal devices, unsecured networks, out of date software and patches, phishing attacks, and unmonitored access to company data and systems.
These remote work security risks affect businesses and their employees in different ways but the result is the same – a dilution of your company’s overall security posture and a bunch of remote working vulnerabilities.
In this blog post, we explore:
- Why remote work security concerns are important to address
- The biggest risks of remote working to be aware of as a business
- The risks of working remotely for employees
- How you can resolve these risks with the right solution
Why remote work security concerns are important to address.
It’s important to address work security concerns to protect data assets, systems, and networks from unauthorized access, theft, damage, and other malicious or negligent activities.
In spite of the importance of addressing these remote work risks, some businesses fall into the trap of thinking either:
This sounds bad but it’s probably not that common
It’s not as awful as it sounds
Bad news—both of these remote work risk stances will cause you problems—and big ones, too.
First, working from home (WFH) has caused cybersecurity attacks to skyrocket.
According to Accenture’s State of Cybersecurity Resilience report, in 2021 when WFH became ubiquitous, an average company experienced a 31% increase in attacks (unauthorized access of data, applications, services, networks, or devices) compared to 2020.
And second, according to Acronis’ annual end-of-year Cyberthreats Report, the average cost of a data breach is expected to be over $5m dollars per incident in 2023.
But information and systems security is not a new discipline—they've kept us safe in our offices for decades—so why are the security risks of remote working so challenging to overcome?
In short…because WFH security risks are really complex…
What are the biggest remote working security risks to be aware of as a business?
The biggest work from home security concerns for businesses are:
- A greater number of end-points to protect and a lack of oversight over them (ask literally any CISO)
- Use of unsecured networks
- Out of date software and patches
- Unmonitored access to company data and systems
As we’ve seen from the stats above, these are very real risks—not theoretical ones.
Which means if things like remote worker data protection aren’t part of your current WFH IT security plan—they should be.
But while employees are also exposed to many of the WFH risks, it’s the businesses that ultimately have the most to lose when risks become reality.
Below we explore the biggest risks your businesses needs to be aware of:
Overburdened IT security teams
In a remote working environment, businesses have a much bigger digital ‘perimeter’ to monitor.
For example, in an office they might have up to four WiFi networks to worry about. In a remote working setup, they need to consider one for each employee plus any public WiFi networks they might connect to.
An overstretched IT team can drastically lower your WFH security posture. That’s because even if you have the ability to deal with a threat, you might not be able to detect it quickly enough to prevent damage.
In fact, Accenture’s research in the Netherlands found that over half of the companies surveyed took a full seven days to successfully detect a breach. That’s a lot of time for bad actors to get what they want before you ever know they’re there.
When you have a remote workforce, your business relies more heavily on Cloud technologies. Combine this with overstretched security teams, and your business is more likely to fall prey to a completely** different kind of WFH risk—cloud misconfigurations**.
These small misconfigurations can have big business consequences. Just ask Estee Lauder.
As Forbes reported, In 2020 Estee Lauder left 440 million plaintext records (including production logs, error logs, and even user email addresses) exposed in a cloud database that was not password protected.
Personal devices are one of the biggest risks of remote work—and their use is widespread.
Of the companies surveyed in Check Point’s 2022 Workforce Security Report, 51% said they allowed employees remote access to corporate applications from personal mobile devices, with 52% allowing them to do so from personal laptops.
Personal devices hike up the risk level as they often do not have the same level of security as office-based devices, especially when it comes to the security software installed on the device.
Security teams have little to no control over the security software on personal devices. Such software is often expensive and eats up employee’s storage—many of whom would rather keep that space for personal things like photos, or games—which means they simply don’t install it.
Unsecured networks can also cause WFH businesses serious headaches. That’s because as soon as employees step out into the world of public WiFi networks—it’s the wild west.
Why? Because such networks are often not secure and can be easily hacked. In some cases, hackers will even set up fake public WiFi connection points to trick users—before you know it you’re exposed to data interception (amongst other things).
And even when your employees aren’t logging on from a dodgy connection point by the beach, home WiFi networks can cause issues. That’s because the majority of home WiFi networks are not secured with up-to-date encryption or authentication methods.
Many have never even changed their access password.
Out of date patches
Another risk related to the use of personal devices is that most of us don’t seek out the latest updates for our software on personal devices. If we’re really honest, a lot of us snooze or ignore the notification even when our devices repeatedly nudge us to keep our device protected.
This means sensitive data is being handled by machines that have known vulnerabilities, not just potential ones. And if you think these are edge cases, think again. According to the Ponemon Institute, 60% of breached victims were breached due to an unpatched known vulnerability where the patch was not applied.
Easy access to sensitive information
The combination of the above factors also ups the ante on “need to know” confidentiality principles.
Without the ‘physical’ perimeter of the office, you need to think much harder about who in your organization has access to what information. If you’re inviting a motley crew of personal devices, WiFi access points, and unpatched vulnerabilities—you really don’t want your most sensitive data being accessible to your entire organization.
The less control you have over the working environment, the more you’ll need to control access.
This is a pretty heavy burden but as we see in the next section, employees also share the risk of remote working…
What are the risks of remote working as an employee?
Many of the security risks working from home heaps on your businesses, also affect your employees.
This is by no means an exhaustive list but the key remote working risks that employees need to be aware of are: personal device attack, webcam hacking, tab juggling error, phishing attacks, and physical device or data theft.
Simply put, the more potential value a hacker sees in the data you have on your device, the more likely they are to try and gain access to it.
This means that the more you use a device also when working from home, the more attractive a target you become for malicious minded folks. And once they’ve hacked your device it’s not just your work data that’s exposed— it’s your banking, personal, and messaging data too.
Webcam hacking (AKA ‘camfecting’) is a particular risk for employees when working from home.
We spend far more time on virtual conferencing bridges at home than ever before. And with the responsibility for updating security applications laid at our doors as employees, the possibility of getting caught out by a Trojan virus is higher than ever.
And when that happens, a hacker could take control of your webcam and record you at home. This is a huge invasion of privacy. One in which you or any one you live with can become exposed or held ransom over the videos or images you’ve had stolen from you.
We're also more likely to be juggling multiple browser tabs when working from home or when using personal devices. Maybe you’re using your lunch break to play video games, or simply check your socials.
Either way, it makes it far more likely you might accidentally paste sensitive company data from your clipboard into a public forum such as private messages, group chats, or even social media posts.
This kind of accidental insider threat is all too common and can leave employees in hot water with their company.
There are a lot of people who believe that only fools get phished. But who of us can really say that we’d notice the difference in an email from email@example.com vs. firstname.lastname@example.org—they look the same until you realize one is from “tom” and the other is from “torn”.
The lack of facetime that WFH involves also means we send more emails to our colleagues. In fact, the move to remote working has given rise to what people are calling “email fatigue”. All of which means, there’s more chances for phishers to get us to fall for their tricks. And, without direct oversight from our IT department, these hacks may go undetected for longer.
Finally, there’s an issue that’s been around since the dawn of time—physical theft. A huge benefit of remote working is that we should be able to work from anywhere. But the more we change locations, the more likely we are to have work laptops stolen or to leave them behind.
When you add personal devices into the mix that becomes even more of an issue because there’s not just the risk of us having our work laptop stolen after a home break in.
There’s also the chance that we might have our phone pick-pocketed on a city-break weekend, which can then be used to access a swathe of sensitive company information.
Conclusion: work-from-home security risks are common but resolvable with the right solution.
Now the picture may look a little bleak at this point—but with WFH here to stay the question is not ‘how risky is remote working’ but more ‘what are the risks and rewards of remote working’. Ready to dig into this in detail? Check out our page on that very subject.
In short, the best way to mitigate for each risk of remote working and access the rewards, is to use a dedicated WFH environment solution.
Such solutions are crucial because (when done right) they can allow you to keep your remote workers safe, without constricting your productivity.
Not all WFH environment solutions are made equal. But some of the potential benefits include the ability to:
- Secure remote workers using an application which automatically performs security updates
- Customize your compliance (add industry-specific policies, processes and background checks to suit your needs)
- Create a secure environment that can only be accessed by the end user
- Block copy/paste, screenshots, screen shares and downloads-to-device
If you want to find out how Cubeless deals with the security risks of working from home without diluting the benefits—check out our product page.
Or if you’d like to know more about what you need to consider before you choose a WFH solution, click here to read our remote-native security checklist.