As the United States continues to implement strategies to help reduce the spread of the coronavirus, many companies have created work from home policies designed to keep their employees safe and healthy. As social distancing continues to be recommended, people are encouraged to increase the physical space between each other, which is not always possible in many types of workplace settings. Allowing employees to work remotely helps them stay productive in the safety of their homes, maintaining a “business as usual” mentality even during challenging situations – and it can also help keep them safe, healthy and from spreading the coronavirus.
All indications are that remote work policies or work from home benefits will continue to become more commonplace among businesses, not only as part of a business continuity plan during a pandemic like COVID-19, but in the future, too. However, it also means an ongoing threat to cybersecurity for businesses offering this benefit to their workforce.
Growth of remote workers
While the coronavirus epidemic has caused many workers to shift to remote work, the number of employees working remotely was growing exponentially well before that – a 159% increase between 2005 and 2017 – according to a report based on information from the U.S. Census and Bureau of Labor Statistics, Global Workplace Analytics and FlexJobs. Additional highlights from this report include:
The increase in remote workers can be attributed to several factors. Forbes states that the variety of benefits remote workers enjoy can improve a business's bottom line. Employees are more efficient as they encounter far fewer workplace distractions than in an office setting. They tend to experience less stress, as they don't need to commute in heavy rush hour traffic, and those reduced stress levels lead to higher morale and more job satisfaction. Companies also incur less overhead and operating costs to keep the business running smoothly.
Reducing Cybersecurity Risks for Remote Workers
Let's take a closer look at remote workers, the cyber risks they present and tips on how to minimize them.
Risk #1: Lack of Cybersecurity Training and Established Best Practices
Small Business Trends reported that 48% of cyber attacks were due to a negligent employee or contractor. Ensuring that there is a training program in place for best practices on security is paramount in defending against cybersecurity threats. It is vitally important that everyone in the company, especially those who work outside of the office, are up-to-date on all security policies.
Cybersecurity training for employees should be an ongoing process. Businesses should consider doing more to ensure all employees are consistently updated about any potential security vulnerabilities, as well as how to recognize and avoid them. A report from Small Business Trends states that “while many small businesses are concerned about cyberattacks (58%), more than half (51%) are not allocating any budget at all to risk mitigation.” The investment of a robust cybersecurity training program is a small price to pay when compared to what a data breach could cost the organization.
Risk #2: Using Unsecured Wi-Fi Networks
Employees often access company networks using Wi-Fi from popular locations (such as a coffee shop), making them more susceptible to the risk of an online attack. iPass, a technology company that provides global mobile connectivity to enterprises, mobile operators and brands, conducted a mobile security report in 2018 that yielded the following results:
81% of CIOs said their company had experienced a Wi-Fi related security incident in the last year
57% of CIOs suspect their mobile workers have been hacked or caused a mobile security issue in the last year.
62% of Wi-Fi related security incidents occurred in cafés and coffee shops
No authentication is required on most public Wi-Fi networks. This means the connections are not encrypted and could make it easy for malicious actors to steal data or access credentials. Cyber thieves position themselves between a person with an unsecured device and the connection point or spoof the connection point which means information is intercepted by the malicious actor.
How to Use Public Wi-Fi Safely
Always use a virtual private network (VPN). A VPN serves as a buffer between the Wi-Fi connection and the mobile device. Any transmitted data is then encrypted to protect it from tampering and interception. Use a trusted and reputable VPN provider. While some providers charge a fee of around $10 for monthly service, some are free. Small businesses that use a Wi-Fi-related VPN will not only mitigate security risks, but also lower their risk profile, which may qualify them for a cyber liability premium discount.
Use SSL or TLS connections. Although most people are not as prone to use a VPN, they can easily add encryption to communications by enabling the "always use HTTPS" feature on a mobile device. This ensures a secure connection to sites and is vital for any site where financial credentials are entered. If you see a warning about insufficient levels of encryption it may be time for a new device or an upgrade of your software.
Utilize Two-Factor Authentication (2FA). 2FA means the user provides two different authentication factors to verify themselves for system access. This makes it harder for cyber attackers to gain access to devices or accounts since only knowing their potential victim's password is not enough to get past the 2FA security control.
Risk #3: Personal Use of Laptops or Lack of Physical Security
Using work devices to visit social media pages, answer personal emails or shop online is an example of risky behavior that a remote worker might engage in. Allowing non-employees like friends or family members to borrow devices for personal use is another example. This presents a risk of not being able to monitor the websites or files they access, potentially putting your company data at stake.
Physical security of company-issued devices is also a problem. This could be something as simple as leaving a device out in the open at home or in an unlocked car. Security breaches can happen simply because a device is stolen. Code42 reports that in airports alone, a laptop is taken every 53 seconds. Here are some physical security tips to keep in mind:
Physical security should be a key aspect of your business's cybersecurity policy and best practices, and its importance should be emphasized for remote employees
Monitor usage of company-issued devices to keep an eye out for a non-work related activity or the potential use by someone else other than the employee
Remind all employees (especially remote workers) to keep devices on themselves and to securely store them when not in use
Remind employees to hide their work when they are out in a public place so no one can see their screen, and to not leave devices unattended
Keep the “find my device” setting on in the event it is misplaced
Disclaimer: WorkersCompensation.com publishes independently generated writings from a variety of workers' compensation industry stakeholders. The opinions expressed are solely those of the author and do not necessarily reflect those of WorkersCompensation.com.