Does remote working increase cyber exposure?
Working from home is not a novel idea. Many employees have been working remotely for the past few years, as indeed have a number of Vista staff. The vast majority have managed to do so without falling victim to a craftily worded phishing attempt or installing credential-stealing malware on their computers.
What has changed in our new, coronavirus-pandemic-impacted world is the sheer number of workers across the globe who have been forced to accept this supposedly “new” way of working. Our inboxes have been flooded with emails warning of the “devastating” security risks associated with remote work and how unprepared companies were to navigate this “unprecedented” transition.
Buying a good insurance product to protect the company balance sheet against any potential costs and losses is important, and having strong security systems and good practice can help lower your premium.
What are some of the security risks of working remotely?
It may seem basic, but reliable and secure internet is not a utility readily available to all remote workers. Risk increases for people in homes of multiple occupancy or in apartments where Wi-Fi signals can be accessed by neighbours. However, working on public networks like the ones in coffee shops and cafes can be even more risky (not a risk currently if they are all shut).
Surveys have confirmed that as many as 60% of employees have accessed the internet over public networks.
90-95% of all successful cyberattacks are phishing attacks. Phishing attacks remain, far and away, the most common method that hackers use to gain access to sensitive information. As the BBC reports, COVID-19 themed email scams are on the rise in the form of fake tax, charity, and government correspondence — and work inboxes are not immune.
Computer sharing and personal use
It may sound obvious, but sharing a work computer with family members or housemates can pose a potential security risk. This should be avoided, especially if your work product includes sensitive information about clients.
Using a work computer for personal activities is also risky. If possible, it’s best to have separate devices for work and personal use.
Insecure mobile devices
Many of us have at least some work product stored on our mobile devices. In their mobile threat landscape report, Wandera revealed that 57% of organizations experienced a mobile phishing incident.
How to address remote work security challenges:
Accommodate the increase of remote VPN workers
For many companies, the VPN infrastructure was not built to handle the entire organization working remotely, and the need to scale quickly can prove challenging. The VPN is also a key access point to business data and should be made as secure as possible, with double password protocols, frequent (however annoying) password changes, and leavers blocked immediately.
Keep devices patched and up-to-date
The UK’s National Cyber Security Centre’s official remote work guidance encourages IT teams to “ensure staff understand the importance of keeping software (and the devices themselves) up to date, and that they know how to do this.”
Boost security awareness with mandatory training
Security training for employees can help them understand how to avoid phishing attacks and other scams. Some studies suggest that security-related risks can be reduced by 70% when businesses invest in cybersecurity training.
A short training course will encourage workers to remain alert and avoid risky behaviours like clicking unknown links and accidentally downloading infected documents.
Encourage good basic digital hygiene
What is good digital hygiene? It just means that you’re using common-sense security measures to mitigate any potential online risks to yourself and your company. Not sharing a work computer, using a single sign-on service or password manager, and turning on two-factor authentication when you can are some ways to make data breaches far less likely.
Become proactive in risk management
It is good practice to assume that whatever can go wrong, will go wrong. Is there a procedure in place in case of a data breach? Does your company have policies that act as preventative measures for these scenarios?
If you have insurance in place, most policies include cover for a specialist to assist the business after an attack, which can prove incredibly valuable in reducing disruption and maintaining customer confidence.
However, this should not replace the need for strong policies and action plans to help reduce risks as much as possible.
Give clear security guidance
Are employees prohibited from connecting to public networks from work devices? Spell it out. Are they barred from using certain tools and applications? Let them know. Is personal use of work equipment allowed? Make sure the rules are understood and enforced. While each business will have its own protocols, one important part of this process is remaining clear and consistent in relaying this information so it is accessible to all employees, remote or not.
Use cloud software solutions for file management
Long gone are the days of carrying around USB drives with sensitive files on them — at least we hope they’re long gone. Solutions like Google Drive and Dropbox are preferred methods of file sharing and management.
So does remote working increase Cyber Risk?
Yes, it does, but as with all risk, taking the right actions, like those above, could in some ways make the risk lower.
Applications for Platform as a Service (PaaS) and Software as a Service (SaaS), which have increased in popularity in recent years, allow IT teams to monitor who, regardless of the location of the employee, has access to those applications and services.
A Less Risky business?
Although it is definitely true that the number of cybercriminals trying to capitalize on the pandemic and the increasing number of remote employees is rising – Google said in April that it blocked some 18 million phishing emails related to coronavirus a day – this does not mean that these attempts are being successful.
There has not yet been a report on a significant intrusion or assault that has occurred purely as a result of workers working from home, and that is ultimately due to the fact that your home office can be as well protected as your workplace in most situations.
Some also believe that, although many hackers have attempted to cash in on the current situation, a remote working environment is not necessarily an attractive target for most cybercriminals and the risk to home-based employees is therefore lower than for those in a traditional office.
Some good news is that working from home, combined with the transition towards cloud services such as Office 365, means that within an enterprise there is a more significant distance between endpoints, making it much more difficult for rapid expansion of cyber-attacks across entire networks.
The growth of remote work should not be seen by businesses as an imminent cybersecurity danger, but it should stimulate further discussions on new cybersecurity models, training and strategies.
For further information or to arrange cyber insurance, contact us today.