Remote working's cyber security risks

Remote working has expanded the digital perimeter of many organisations, and that opens them up to risks

Organisations today are fending off cyber risks of all types, from malware to social engineering and malicious insiders. The onset of COVID-19, which has pushed many employees out of the office to work remotely, has also resulted in a boom in hostile digital equivalents.

In a survey of IT leaders, more than 60 percent told us that remote working had increased ‘greatly' at their organisation as a direct result of COVID-19, with more than 50 percent of staff working remotely at nearly three-quarters of organisations.

The massive rise in work outside of the traditional bounds of the office has expanded the digital perimeter of many organisations from a single location to hundreds, if not thousands. Even businesses that were previously set up to support remote working may struggle to handle it on such a scale - and that's an environment in which cyber criminals will flourish.

But it's not just malicious outsiders that pose a threat to organisations; employees who are unused to working from home can easily make simple mistakes that compromise their own security, and that of the entire organisation. From something as simple as sharing a PC with other family members, to clicking on a phishing link now that IT is no longer breathing down their necks, the paths to compromise are many and varied.

Eleven per cent of research respondents answered ‘10' when asked to rank the extent to which remote working increases cyber security risks to their organisation, on a 10-point scale. That number may seem low, but more than 60 percent answered with a 7 or above, indicating significant concerns around remote working.

The risks

So what forms do the risks of remote working take? Top of the list is employee behaviour; as seen above, employees without home-working experience are more likely to be compromised, and IT teams must be aware of this.

Poorly protected home networks, phishing and spearphishing also ranked highly (#2, #3 and #4 on the list of concerns, respectively), with weak passwords rounding out the top five.

There are ways to address concerns around home working security. More than two-thirds of respondents already use strict password policies, VPNs and multi-factor authentication, and more than half are using endpoint security and cyber risk training. Around a quarter plan to adopt these - plus strengthening existing access policies, adding cloud-based cyber defences and even looking at security automation - in the next 12 months.

Notably, these are not all technology solutions; rather, these techniques highlight the importance of humans in the digital landscape. Both employees and managers need to understand the risks, their organisation's policies and procedures for managing them, and how to remediate issues if/when they occur.

Please click here to find out more about digital distancing and securing your remote workforce