News

11 January 2021

Does remote working increase cyber exposure?

It is not a novel idea to operate from home. Many employees have been working remotely for the past few years- as indeed have a number of Vista staff. The vast majority have managed to do so without falling victim to a craftily-worded phishing attempt or installing credential-stealing malware on our computers.

What has changed in our new coronavirus pandemic impacted world is the sheer numbers of workers across the globe who have been forced to accept this supposedly “new” way of working.  Our inboxes have been flooded with emails warning of the “devastating” security risks associated with remote work and how unprepared companies were to navigate this “unprecedented” transition.

Get insurance

Buying a good insurance product to protect the company balance sheet against any potential costs and losses is important and having great systems of security and good practice can help get your premium lower.

What are some of the security risks of working remotely?

Unsecure networks

It may seem basic, but reliable and secure internet is not a utility readily available to all remote workers.   Persons in homes of multiple occupancy or in apartments where WIFI signals can be accessed by neighbours increase risk.  However, working on a public networks like the ones in coffee shops and cafes can be even more risky (Not a risk currently if they are all shut).

Surveys have confirmed that as many as 60% of employees have accessed the internet over public networks.

Phishing attacks

90-95% of all successful cyberattacks are phishing attacks. Phishing attacks remain, far and away, the most common method that hackers use to gain access to sensitive information. As the BBC reports, COVID-19 themed email scams are on the rise in the form of fake tax, charity, and government correspondence — and work inboxes are not immune.

Computer sharing and personal use

It may sound obvious, but sharing a work computer with family members or housemates can pose a potential security risk. This should be avoided, especially if your work product includes sensitive information about clients.

Using a work computer for personal activities is also risky. If possible, it’s best to have separate devices for work and personal use.

Insecure mobile devices

Many of us have at least some work product stored on our mobile devices. In their mobile threat landscape report, Wandera revealed that 57% of organizations experienced a mobile phishing incident.

How to address remote work security challenges:

Accommodate the increase of remote VPN workers

For many companies, their VPN infrastructure was not built to handle the entire organization working remotely and the need to scale quickly can prove challenging.  It is also a key access point to business data that should be made as secure as possible with double password protocols and frequent (however annoying) password changed – and making sure leavers are blocked immediately.

Keep devices patched and up-to-date

The UK’s National Cyber Security Center’s official remote work guidance encourages IT teams to “ensure staff understand the importance of keeping software (and the devices themselves) up to date, and that they know how to do this.”

Boost security awareness with mandatory training

Security training for employees can help them understand how to avoid phishing attacks and other scams. Some studies suggest that security-related risks can be reduced by 70% when businesses invested in cybersecurity training.

A short training course will encourage workers to remain alert and avoid risky behaviours like clicking unknown links and accidentally downloading infected documents.

Encourage good basic digital hygiene

What is good digital hygiene? It just means that you’re using common sense security measures to mitigate any potential online risks to yourself and your company. Not sharing a work computer or using a single sign-on service or password manager, and turning on two-factor authentication when you can are some ways to make data breaches are far less likely.

Become proactive in risk management

It is good practice to assume that whatever can go wrong, will go wrong. Is there a procedure in place in case of a data breach? Does your company have policies that act as preventative measures for these scenarios?

If you have insurance in place most include cover for a specialist to assist the business post attack which can prove incredibly valuable in reduction of disruption and maintaining customer confidence.

However, this should not replace the need for strong policies and action plans to help reduce risks as much as possible.

Give clear security guidance

Are employees prohibited from connecting to public networks from work devices? Spell it out. Are they barred from using certain tools and applications? Let them know. Is personal use of work equipment allowed? Make sure the rules are understood and enforced. While each business will have its own protocols, one important part of this process is remaining clear and consistent in relaying this information so it is accessible to all employees, remote or not.

Use cloud software solutions for file management

Long gone are the days of carrying around USB drives with sensitive files on them — at least we hope they’re long gone. Solutions like Google Drive and Dropbox are preferred methods of file sharing and management.

So does remote working increase Cyber Risk?

Yes it does but like all risk taking the right action like those above could in some ways make the risk lower.

Applications for Platform as a Service (PaaS) and Software as a Service (SaaS), which have increased in popularity in recent years, allow IT teams to monitor who, regardless of the location of the employee, has access to those applications and services.

A Less Risky business?

Although it is definitely true that the number of cybercriminals trying to capitalize on the pandemic and the increasing number of remote employees is rising – Google said in April that it blocked some 18 million phishing emails related to coronavirus a day – this does not mean that these attempts are being successful.

There has not yet been a report on a significant intrusion or assault that has occurred purely as a result of workers working from home, and that is ultimately due to the fact that your home office can be as well protected as your workplace in most situations.

Some also believe that, although many hackers have attempted to cash-in on the current situation, a remote working environment is not necessarily an attractive target for most cybercriminals and the risk to home-based employees is therefore lower than for those in a traditional office.

Some good news is that working from home, combined with the transition towards cloud services such as Office 365, means that within an enterprise there is a more significant distance between endpoints, making it much more difficult for rapid expansion of cyber-attacks across entire networks.

The growth of remote work should not be seen by businesses as an imminent cybersecurity danger, but it should stimulate further discussions on new cybersecurity models, training and strategies

For further information our to arrange cyber insurance contact us today


Latest News

  • Falling from height is the number one cause of fatal injuries to workers accounting for 25% of all fatalities
  • What Happens when a Cyber Threat Hits your Business but your Policy doesn’t Cover it?
  • What Is an Owner Controlled Insurance Program (OCIP)?
All News

Contact us

Call us now or email us on the link below.

Manchester: 0161 393 7111

London: 0203 764 0833

Email us