Working remotely carries cybersecurity risks for companies. Here’s what you can do about it

Cybersecurity risks and exposure associated with remote working continue to challenge companies and their IT teams, leading even small and mid-sized companies to look for ways to expand their security nets.

“You can’t expect everyone working at home to know what they need to install and what equipment will be secure and compatible with office network security,” said Scott Schulze, CEO and director of operations for Fusion Technology Solutions in Healdsburg, with offices in Southern California and Colorado. “Not being able to have 100% total network security is a challenging fact of life, especially among employees working remotely where risks can be higher than at an office. Everyone should be prepared by finding ways to minimize exposure and reduce threats.”

With 49% of teleworkers using privately owned computers and laptops, based on a Morphisec WFH Employee Cybersecurity Threat Index report last July, there’s even more to take into account in working from home.

“We’re performing an increasing number of vulnerability assessments to identify weaknesses and holes in client systems and networks, and also looking at ineffective passwords and a lack of software patching updates, while also identifying and monitoring anomalies that must be investigated,” Schulze said.

Cyber threats: A two-edged sword

Incoming and outbound messages to and from a remote worker can be compromised with malware and ransomware that can infect a remote worker’s computer and a company network.

According to OpenVPN, 54% of IT professionals consider remote workers to pose a greater security risk than company onsite workers. This assessment comes at a time when the number of people who work from home has increased 159% since 2009, reported Global Workplace Analytics.

“Remote employees need to know what to look for, how to identify suspicious activity and how to report it to their company IT personnel or the security operations center for remedial action,” Schulze said.

He said those at such a center are also an excellent source of information on what upgrades are needed at home.

“Ask them, ‘What can I do to be more secure?’” Schulze said.

Teleworkers are always at risk of cyberattacks, especially if they combine work with “break time” or “cyber-loafing” social media connections and downloads of news, blog posts and information on recreational sites using the same PCs.

“It is important for remote team managers to provide cybersecurity training and to make sure that employees working from home have secure software, and other safeguards such as virtual private networks and firewalls to protect their PCs and laptops,” said Schulze.

Schulze also recommends examining how remote workers access data and where it resides. Extra layers of security can include two-factor authentication (2FA), secure VPN (virtual private network) and secure firewalls as well as utilizing extended detection and response (XDR/EDR) support.

XDR is gaining traction as an alternative to end-point security solutions limited to only one security layer. It identifies and tracks threats across multiple system components, improves detection and response speed to identify threats and enables security teams to work more effectively and efficiently using alert integration, automated investigation and mediation tools.

User education: An urgent need

Lack of user education and ways to control the end-point IT environment is a big security concern these days, according to Mark Gilbert, CEO at North Bay IT Solutions in San Rafael and a partner with Don Hartung in H3 Systems in Napa.

“Workers at home often do not have access to the same level or frequency of training as office workers receive,” Gilbert said. “When working offsite, there is a greater chance of the wrong things getting into a remote employee’s personal network.”

In a 2022 Findstack study of how often organizations provide remote worker cybersecurity training, only 23% said more than twice a year, 32% said twice a year, and 25% said annually. Some 8% reported such training was limited to initial onboarding, and only 11% reported their firm has an e-learning platform for employees.

“Today IT network managers are deeply involved with company security teams in planning a security roadmap that involves setting compliance parameters and putting rules into practice,” said Gilbert. “At the same time, obtaining cyber insurance is becoming more difficult as insurers are beginning to deny coverage unless the client formalizes and implements best practices.”

He is seeing a surge from small and mid-sized business customers asking questions about where they want their business to be in five years, how to assess cyber risks and how to effectively secure their systems to get there.

Gilbert said, for small businesses, sole proprietorships and those working at home, using a layered approach to security is recommended. Here are some suggestions:

• Back up data three ways: onsite, offsite and in the cloud for quick recovery;
• Use enterprise-grade antivirus products.
• Keep computer software patches up to date, and upgrade firmware as needed.
• Provide frequent cybersecurity instruction for remote workers.
• Be careful when buying IT equipment. Security is not naturally built in.
• Develop a relationship with a local managed services provider to continuously monitor your network and provide ongoing support.

“Diagnostic tools and potential threat monitoring should be part of this overall multi-layered discussion as a way to mitigate and eliminate potential harm,” Hartung said.

He said with inflation and rising costs, business owners are putting their sights on the price tag when it comes to implementing security.

“Security does not have to be super expensive and is well worth it to reduce or avoid hidden costs associated with a loss of productivity and downtime along with the value of data that could be compromised, held for ransom or lead to litigation over violations of privacy and confidentiality,” Hartung added.

Change your access keys from device defaults

Aaron Dinette, vice president of IT systems at NIMS and Associates in Petaluma, said details in a remote work environment are key.

“Default router credentials come with every device that uses a pre-shared key that is eight or more characters in length,” Dinette said. That key can be up to 63 characters. “Nine out of 10 times, these access keys are never changed, meaning bad actors with skills can attack.”

WiFi protected access (WPA) ensures that data sent or received over a wireless network is encrypted, and only those with a current network password can get in. WPA2 also introduced the advanced encryption system (AES), with 128-, 192- or 256-bit block ciphers.

“When you get a new router or any device with password protection, I recommend that you change the access key right away,” Dinette said.

He suggested changing the key to a unique 11-character (or more) sequence including at least one capital letter, one number and one symbol. The more complex the sequence, the better protected the network becomes.

“When using a PC or company-provided computer in a remote setting, shared responsibility rules should be in place as part of a work-from-home formal agreement. To maintain overall network security, the company’s IT department and management must be OK with remote workers using their own PCs, laptops and other devices,” Dinette noted.

He said antivirus/antimalware software is a must, and most companies are also consolidating the management of endpoint locations within a security operations center, as well as upping the level of intelligent machine learning to block crypto (any unauthorized attempts to gain access to a computer) and ransomware attacks by utilizing next generation XDR/EDR with centralized management in the cloud.

For large files, Box and Dropbox provide some level of security, but the correct answer is to tie into a corporate solution like Microsoft 365 – which includes OneDrive, Microsoft Teams, SharePoint — or Google’s G-Suite with Google Drive governed by policies and security limits that can include inviting third-party collaboration (using Shared links, Sharepoint Libraries, etc.) located in separate folders in the cloud for greater protection, Dinette said.

Single sign on (SSO), in combination with multifactor authentication (MFA; such as getting a text message with a verification code), is another access tool benefitting remote users that uses one set of credentials to tie into the on-premises corporate network access multiple resources. It can be configured to use active directory sync technology to tie into the on-premise corporate network enabling an employee to access data in the cloud, at the office, or at home. When used properly, MFA can stop up to 90% of accounts from being compromised, according to Microsoft.

Dinette said Microsoft Windows and MacOS products come with built-in firewalls that – at the very least -- should be leveraged. However, remote users can purchase more robust third-party software, firewalls and hardware security devices that can be configured to act as a secure gateway to the network.