Why your remote workers may not be as safe as you think

Next story
Editor

According to new research from ESET, 80% of businesses worldwide are confident their home-working employees have the knowledge and technology needed to handle cyberthreats to company finances. 

ESET surveyed the attitudes of 1200 senior managers across the UK, US, Japan and Mexico for the business segment of its global financial technology (FinTech) research, exploring their attitudes toward security and FinTech. 

While many businesses expressed confidence in the face of cyberthreats, the same research also showed that nearly three-quarters (73%) of these businesses also think they are likely to be impacted by a cybersecurity incident, and half said they had experienced a cybersecurity breach in the past. Could businesses be overestimating how safe their employees are?

It is no secret that since the COVID-19 lockdowns began, we have seen a significant increase in cybercrime targeting remote workers. COVID-19 has created a range of opportunities for cybercriminals, with the panic around the coronavirus and the uncertainty caused by the rapid transition to remote work setups affording malicious actors a greater chance of success in their attacks on individuals and organizations.

As employees left the office and dispersed across various locations, devices and networks, certain deficiencies in some businesses’ security stance have likely been exposed. Many companies have had to transition from the firewall approach of the traditional office to a new distributed model. While ESET’s research shows that the majority of businesses feel that their employees are able to handle the accompanying risks, there are a series of new challenges that they may be underestimating.

The inherent risks of remote working  

Working from home means employees are connecting to the internet via their personal home router, and this means that company data can be exposed to all the dangers of public networks. So when accessing corporate intranets, using a virtual private network (VPN) is vital to creating a secure, encrypted connection.

However, issues such as slow internet, domestic distractions and simple forgetfulness can cause even the most security-conscious employee to make a mistake and connect without a VPN. This has the potential to expose individuals to malicious actors looking to spy on personal and company data. Therefore, don’t allow employees to connect to your company’s internal systems without using a VPN. For extra security, require your employees to enter a one-time code (multifactor authentication) in addition to a password in order to access your intranet.

Another issue posed by home working is that it can be tempting to switch from device to device. We live in a highly connected world, and with opportunities for socializing and leisure activities limited, we are all spending more time on our personal computers and mobile devices. Using said personal devices to check work emails or do a small task here and there can be potentially dangerous, as non-work devices are less likely to have the same levels of protection that work devices often have installed.  

Similarly, it is just as easy to make the same mistake the other way round, by visiting risky websites such as torrent pages or adult sites. These may expose work laptops to online threats, which is particularly dangerous when the device in question can provide hackers with access to invaluable corporate data. 

Lastly, there is the ever-present threat of phishing, which has been a prominent threat through the pandemic. With the health crisis providing new hooks for creating convincing phishing emails and text messages, there is a heightened risk that employees will click on malicious links or attachments and allow themselves to be duped by social engineering attacks.

How to secure your employees and your business

Because remote working has changed the way in which we interact with our teams and our colleagues, it can be hard to keep tabs on the extent to which each employee is aware of the steps they need to take to protect themselves and the company. This is why it is important to have regular training and guidance on the importance of cyber hygiene. 

It is crucial that every member of staff is proactive in making sure that their devices and files are secure, and in order for this to happen they must be made aware of the dangers that can be caused by behaviors such as using an insecure connection or device, indiscriminately clicking on links, or visiting risky websites. For some pointers on how to stay safe when working remotely, check out ESET Chief Security Evangelist Tony Anscombe’s top tips on WeLiveSecurity.

With that being said, the internet can be a dangerous place, and threats can be difficult to keep track of. No matter how much we know about cybersecurity, it is always possible that we will slip up. As a result, it is more vital than ever to have trustworthy, reliable security software to protect your business. To find out about ESET’s solutions for businesses, head over to our website for more information.