Working remotely carries cybersecurity risks for companies. Here’s what you can do about it
Cybersecurity risks and exposure associated with remote working continue to challenge companies and their IT teams, leading even small and mid-sized companies to look for ways to expand their security nets.
“You can’t expect everyone working at home to know what they need to install and what equipment will be secure and compatible with office network security,” said Scott Schulze, CEO and director of operations for Fusion Technology Solutions in Healdsburg, with offices in Southern California and Colorado. “Not being able to have 100% total network security is a challenging fact of life, especially among employees working remotely where risks can be higher than at an office. Everyone should be prepared by finding ways to minimize exposure and reduce threats.”
With 49% of teleworkers using privately owned computers and laptops, according to a Morphisec WFH Employee Cybersecurity Threat Index report last July, there’s even more to take into account when working from home.
“We’re performing an increasing number of vulnerability assessments to identify weaknesses and holes in client systems and networks, and also looking at ineffective passwords and a lack of software patching updates, while also identifying and monitoring anomalies that must be investigated,” Schulze said.
Cyber threats: A two-edged sword
Inbound and outbound messages to and from a remote worker can be compromised with malware and ransomware that can infect both the remote worker’s computer and the company network.
According to OpenVPN, 54% of IT professionals consider remote workers to pose a greater security risk than company onsite workers. This assessment comes at a time when the number of people who work from home has increased 159% since 2009, reported Global Workplace Analytics.
“Remote employees need to know what to look for, how to identify suspicious activity and how to report it to their company IT personnel or the security operations center for remedial action,” Schulze said.
He said those at such a center are also an excellent source of information on what upgrades are needed at home.
“Ask them, ‘What can I do to be more secure?’” Schulze said.
Teleworkers are always at risk of cyberattacks, especially if they use the same PCs for work and for “break time” or “cyber-loafing” activity such as social media connections and downloads of news, blog posts and information from recreational sites.
“It is important for remote team managers to provide cybersecurity training and to make sure that employees working from home have secure software, and other safeguards such as virtual private networks and firewalls to protect their PCs and laptops,” said Schulze.
Schulze also recommends examining how remote workers access data and where it resides. Extra layers of security can include two-factor authentication (2FA), a secure virtual private network (VPN) and secure firewalls, as well as extended or endpoint detection and response (XDR/EDR) support.
XDR is gaining traction as an alternative to endpoint security solutions that are limited to a single security layer. It identifies and tracks threats across multiple system components, speeds up detection and response, and enables security teams to work more effectively and efficiently using alert integration, automated investigation and remediation tools.
User education: An urgent need
A lack of user education and of ways to control the endpoint IT environment is a big security concern these days, according to Mark Gilbert, CEO at North Bay IT Solutions in San Rafael and a partner with Don Hartung in H3 Systems in Napa.
“Workers at home often do not have access to the same level or frequency of training as office workers receive,” Gilbert said. “When working offsite, there is a greater chance of the wrong things getting into a remote employee’s personal network.”
In a 2022 Findstack study of how often organizations provide remote worker cybersecurity training, only 23% said more than twice a year, 32% said twice a year, and 25% said annually. Some 8% reported such training was limited to initial onboarding, and only 11% reported their firm has an e-learning platform for employees.
“Today IT network managers are deeply involved with company security teams in planning a security roadmap that involves setting compliance parameters and putting rules into practice,” said Gilbert. “At the same time, obtaining cyber insurance is becoming more difficult as insurers are beginning to deny coverage unless the client formalizes and implements best practices.”