CyberOne Blog | Cyber Security Trends, Microsoft Security Updates, Advice

Cyber Security Risks in Remote Work

Written by Mark Terry | Sep 12, 2023 12:49:25 PM

Since 2020, we’ve witnessed a massive change in how we work. The global pandemic accelerated many technological advancements, making remote working the norm.

While this change brings huge benefits for both people and businesses, it also brings challenges, particularly for cyber security professionals.

In this article, we’ll explore the various aspects of managing cyber risks in remote working and examine some predictions for the rest of this year and beyond.

Understanding the Shift to Remote Work

The Rise of Remote Work In the Digital Age

It’s safe to say the digital age has brought huge changes to working life. With high-speed internet and powerful collaboration tools at everyone’s fingertips, people can now work from anywhere.

This opens up opportunities for businesses to tap into a global talent pool while offering employees a better work-life balance, regardless of location.

Then there’s the cost-effectiveness argument—for businesses, a remote workforce lowers overhead costs, which can be used to fund innovation, product, and employee development.

The Impact of COVID-19 on Remote Work Trends

It’s hard to overstate how much the COVID-19 pandemic accelerated the adoption of remote work. With social distancing measures and lockdowns enforced in virtually all countries worldwide, how else could most businesses continue to operate without shifting to a work-from-home model?

Although this was a forced experiment, it’s become a permanent fixture in society with businesses offering far more flexible working methods that take on many forms.

During the pandemic, remote working proved to be a lifeline for businesses, allowing them to navigate the challenges posed by the crisis. It enabled employees to stay productive, connected and safe. However, the reliance on remote work also highlighted the importance of digital infrastructure, cyber security and employee well-being.

It’s crucial to point out that it also had its drawbacks. Work and life boundaries blurred, so people had to adopt new routines and find new ways to maintain a healthy balance, such as time-blocking, setting boundaries and other self-care strategies.

Additionally, remote work presented both challenges and opportunities for team collaboration. Physical distance usually poses communication and coordination challenges, but the widespread adoption of collaboration tools like video conferencing, project management tools and instant messaging platforms allowed people to stay connected, work together and unwind together (remember the weekly Zoom quizzes?) regardless of their location.

It's clear that remote work is here to stay – it’s revolutionised the way we work and is an inescapable part of the modern workplace. But this also means that its risks are here to stay – and they evolve quickly.

The Cyber Security Risks in Remote Work

As beneficial as remote working is for businesses and staff, it presents several major challenges for cyber security professionals.

Pre-COVID-19, cyber security teams focused on defending their on-prem networks and systems – the traditional security perimeter. Then, when everyone was sent to work from home, new challenges arose for cyber security teams.

How do you secure every staff member’s home network and devices?

The Vulnerabilities of Home Networks

The home network poses a unique challenge in terms of cyber security. It’s unlike a corporate network with firewalls, robust security policies and other tools in place. Many home networks lack the necessary safeguards to defend against cyber threats.

One common vulnerability (probably the most common) is the use of weak passwords. Many individuals use the same, easily guessable password on multiple accounts, which means if one account is compromised, all accounts are compromised. It might sound simple, but using strong, unique passwords and enabling MFA wherever possible is essential.

Outdated firmware is another potential entry point for hackers. Many home routers and network devices may not receive regular updates from manufacturers, leaving them exposed to known security vulnerabilities.

Unsecured WiFi networks are a big risk that often goes overlooked. Let’s be honest – how many people change the default password on their home network? These networks are easy targets for cyber criminals and allow them to intercept sensitive data and compromise the security of remote work activities.

Common Cyber Threats for Remote Workers

Writing a blog about cyber security risks and remote working is impossible without including a section on common cyber threats. Nothing is off the table for cyber criminals.

Phishing, malware infections and ransomware attacks are all obvious choices. Criminals will take advantage of relaxed security measures on a home network to infiltrate your company network and steal data, so paying attention to who’s sending the email or what links you’re clicking on is even more important.

In all honesty, the threats remain the same whether you’re at home or in the office – the only difference is how far an attacker can get before they are detected.

Strategies for Managing Cyber Security Risks

There are many ways to manage cyber security risks and many different tools. However, from a remote working perspective, there are two main ways an organisation can manage cyber security risks: by implementing robust security policies and providing comprehensive employee training.

Implementing Robust Security Policies

Let’s look at three key areas:

  1. Updates and security patches
  2. VPNs (or equivalent)
  3. Passwords and MFA

Updates & Security Patches

First, ensure your corporate devices have the right software installed before you give them to employees. Nothing is more frustrating than having to call IT on day one because someone forgot to install the VPN software or something similar.

You must also have a system in place that allows you to push/force any and all corporate devices to install updates and security patches overnight/outside of office hours. You’d be surprised how often businesses are breached because a staff member hasn’t run Windows Update in a few months or hasn’t restarted their machine recently.

Believe it or not, tech providers and software manufacturers spend a lot of time and money updating their respective bits of kit and if you don’t keep them up to date, you don’t have anyone else to blame.

VPNs (or equivalent)

Using a VPN will protect your business. Even if the home network you’re working from is wide open to the world, a VPN will encrypt your company data in transit and protect it from hackers on that network.

Now, with solutions like Cloud Access Security Brokers available and the advent of SASE/SSE, you don’t necessarily need a VPN if your security architecture is designed correctly and you have the right controls in place.

Passwords & MFA

Again, this is an obvious point to make – but, as I mentioned earlier in the article, people reuse passwords and if you crack one, you’ve cracked them all. You should always insist on strong password protocols by implementing complexity requirements (minimum number of characters, letters, numbers and symbols) to safeguard your data.

Multi-Factor Authentication is another easy way to add an additional layer of security to protect company data. By requiring people to provide multiple forms of ID, such as a password and unique code sent to a mobile device, you can reduce the risk of unauthorised access.

Security Awareness Training for Employees

Of course, technology plays an important role in cyber security – but, realistically, 8 out of 10 times, the employee is the first line of defence.

You should invest in comprehensive cyber security training programs to educate employees about best practices for remote work.

Training sessions can cover identifying phishing attempts, secure file sharing and safe browsing practices. By educating employees about the common tactics cyber criminals use, you give them the knowledge they need to avoid falling victim to a simple trick.

Phishing attempts, for example, are one of the most common methods hackers use to gain unauthorised access to sensitive information. Training employees to recognise suspicious emails and avoid clicking on malicious links or downloading attachments from unknown sources can significantly reduce the risk of falling victim to such attacks.

Let’s be honest – an email from Microsoft or your CEO doesn’t have a cat as the profile picture or come from janet@jlbqrvhbqekr.com. It takes two seconds to check and those two seconds are worth taking.
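The two-second sender check described above, automated as an added example (not code from the original article): it flags a From header whose display name claims a protected identity from the wrong domain, a sender domain that looks machine-generated, and a mismatched Reply-To. The `PROTECTED` mapping, the CEO name and the sample messages are constructed assumptions, and the vowel-ratio test is a crude heuristic.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed policy (hypothetical): protected display names -> domains allowed to use them.
PROTECTED = {
    "microsoft": {"microsoft.com"},
    "alex example": {"example.com"},  # constructed CEO name
}

# Constructed sample messages, headers only.
SPOOFED = "From: Microsoft Security <janet@jlbqrvhbqekr.com>\nSubject: Reset\n\nhi"
GENUINE = "From: Microsoft <no-reply@accountprotection.microsoft.com>\nSubject: Hi\n\nhi"
CEO_FRAUD = ("From: Alex Example <alex@examp1e-mail.com>\n"
             "Reply-To: alex@freemail.example\nSubject: Urgent\n\nhi")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def is_allowed(domain, allowed):
    # Exact match or a true subdomain; "notmicrosoft.com" does not pass.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def looks_random(domain):
    # Crude heuristic: a long label before the TLD with almost no vowels.
    parts = domain.split(".")
    if len(parts) < 2:
        return False
    letters = [c for c in parts[-2] if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2

def check_sender(raw):
    """Return a list of findings for one raw message; empty means no flags."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = domain_of(addr)
    findings = []
    for claimed, allowed in PROTECTED.items():
        if claimed in name.lower() and not is_allowed(domain, allowed):
            findings.append(f"display name claims '{claimed}' but domain is {domain}")
    if looks_random(domain):
        findings.append(f"sender domain {domain} looks machine-generated")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != domain:
        findings.append(f"Reply-To domain {domain_of(reply)} differs from From domain")
    return findings

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE, CEO_FRAUD):
        print(check_sender(sample))
```

A check like this belongs in a mail gateway or triage script alongside SPF, DKIM and DMARC results, not in place of them.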

Secure file sharing is another often overlooked aspect of remote work. Even though most businesses use collaboration tools like Microsoft Teams or Slack, these applications need to be secured, too. There will always be occasions when you need to send larger files. To avoid accidental data loss, you need to use an encrypted file-sharing platform with appropriate user permissions (review these regularly!).

Safe browsing practices are the final and fairly obvious element of Security Awareness Training. Nowadays, most people know not to click on pop-ups, but it’s important to reiterate this during the training process, along with advice around downloading files/software from untrusted sources.

If you can block .exe files from running on corporate devices, apply it. Only relevant admin users should be able to run executables that aren’t sanctioned or part of the standard corporate device build. This minimises the risks of accidentally running malicious applications. Of course, if your organisation has some form of EDR/MDR solution or Managed Service, this should flag anything like this to the relevant internal teams.

Future Predictions for Remote Work & Cyber Security

The future of remote working will see the development of innovative cyber security solutions and measures, from more advanced threat detection systems to AI-driven automated security solutions.

Adaptability will be key in the working world as time goes on. Those who can adapt will thrive, while those who can’t will not.

Predictions for 2023 & Beyond

We haven’t climbed the peak of remote working yet – the way we work continues to evolve and the cyber security landscape will continue to evolve with it. Staying ahead of emerging threats is a revolving door of new technologies and tactics, and the eternal game of cat and mouse between hackers and security teams will continue.

It’s a safe bet to assume that, in the coming years, attacks will become more targeted and sophisticated. Remote workers will not be exempt from this – in fact, they are likely to become the main target – forcing organisations to either mandate a return to the office, continuously update their security measures (this should be happening anyway) or, and this is unlikely, equip remote workers with the relevant hardware/capabilities to secure their home networks in the same way the office perimeter is secured.

This is a tall task given that the security perimeter seems to shift every week.