Remote Work Cyber Risks

Published on Tue, 09/20/2022 - 08:47

The rise of remote work is changing everything, and that includes cybersecurity. Cyberattacks are rising, and remote arrangements can be particularly vulnerable. As more and more companies adopt remote or hybrid work schedules, it’s important to take steps to protect your company from cyber risks.

Remote Work Is Here to Stay

Not all jobs can be performed remotely, but since the start of the pandemic, those that can frequently are. According to the U.S. Bureau of Labor Statistics, between July and September 2021, 13% of all U.S. private sector jobs used teleworking arrangements full time and 9% used teleworking arrangements part-time.

Many workers are adamant about keeping their remote arrangements on a permanent basis. According to Pew Research Center, among U.S. adults who switched to remote work because of COVID-19, 64% say it’s made it easier for them to balance work and personal life, and 78% say they want to continue working from home after the pandemic. Some of these workers want to keep working remotely so badly that they’ll quit if they can’t. A report from Zapier found that 32% of American workers said they had already quit a job over a lack of remote work options, while 61% said they would do so.

Although some employers choose to force their workers back to the office even if it means losing some of them, others are accommodating the preference for remote work, either full-time or hybrid.

Remote and Hybrid Work Create Cybersecurity Vulnerabilities

The switch to remote work has created many cybersecurity vulnerabilities that cybercriminals have been quick to exploit.

Remote workers may use devices and networks with insufficient security measures. For example, they may use public Wi-Fi to connect to the internet, and they may use personal devices that lack antivirus and firewall protections.

Additionally, the reliance on Remote Desktop Protocols (RDP) has left many companies exposed to cybersecurity risks. The Internet Crime Complaint Center (IC3) says that RDP exploitation is one of the three most common infection vectors for ransomware, along with phishing emails and the exploitation of software vulnerabilities.

Remote work may also make social engineering schemes more successful. If two people are working in an office and one receives an email request that appears to be from the other, it is easy to get up, walk over to the coworker and verify the request. However, when employees are working remotely and procedures are in a state of flux, this verification might not happen. As a result, employees may be more likely to fall for spear phishing and business email compromise schemes. The IC3 says that business email compromise schemes resulted in losses totaling $2.4 billion in 2021.

Protecting Your Company

Right now, many companies are ironing out full-time or hybrid remote work policies. These policies absolutely must include strong cybersecurity practices designed to protect companies from ransomware, phishing, data breaches, and other cyberattacks.

  • Create cybersecurity policies for remote offices. These policies should cover things like using secure networks, strong passwords, multifactor authentication, and up-to-date operating systems and software.
  • Secure your computer system. Review your system for vulnerabilities. Key issues to consider include RDP, access control, and backup solutions. Also make sure that you have antivirus software, firewalls, and email filtering in place.
  • Create policies for physical devices as well. Hybrid workers may transport laptops and other devices between work and home, and these devices may be lost or stolen in the process.
  • Train workers on cyber safety. Workers need to know how to identify phishing attempts, avoid malicious links and verify requests for payments or sensitive information. They should also know when and how to report cyber incidents that occur.
  • Review cybersecurity policies regularly. It’s important to conduct regular audits to verify that procedures are followed. As new threats emerge, it may also be necessary to update your policies. Employees may need to be reminded about risks and safety practices, and new employees will need to be trained on cybersecurity as part of their onboarding.
  • Create a cyber incident response plan. Quick action can help you minimize the damage and comply with state data breach notification regulations.
  • Purchase cyber insurance. Cyber insurance provides an important layer of protection that other insurance policies may not offer.

Do you need cyber insurance? Heffernan can help. Learn more.