The Top 5 Cyber Security Risks for Remote Employees
Remote working, whether full time or on a hybrid basis, can give cyber criminals the opportunity to exploit vulnerabilities in a more widespread fashion, if the correct security controls aren’t in place or are misconfigured.
Cyber security incidents in which remote working was a factor cost organisations €910,000 more than the average data breach cost of €3.62 million.
Additionally, the time it took to discover a breach increased by 58 days, totalling 345 days when over 50% of employees worked remotely. To put that into perspective, if a breach occurs on January 1st, it will take until December 12th for it to be discovered.
The statistics may be shocking, but don’t let them deter you from offering remote or hybrid working options for your employees. Once your organisation has a robust cyber security posture for your in-house and remote employees, the risk of a cyber security incident reduces.
To help you get started on your journey, we have outlined the main cyber security threats organisations face when building a remote or hybrid workforce.
1. Unsecure Devices
When working remotely, it is important to remember that devices given to employees for work purposes, to access work systems and data, are authorised for staff use only. Care should be taken with the devices to ensure they are protected from both inadvertent and deliberate unauthorised access.
In terms of using personal devices for work purposes (BYOD), it is not recommended unless absolutely necessary. Such devices should follow the same guidelines as work devices.
Routers are the link between a remote worker's business phone, tablet or computer and your organisation's network. Worryingly, many home routers use a default password and have other security issues that cyber criminals can take advantage of.
Learn more about how remote employees can secure their home routers in our guide, ‘Securing Your Organisation's Remote Workforce’.
2. Lack of Remote Policies and Procedures
Organisations should ensure that applicable security guidelines, as well as policies and procedures, are in place to factor in blended and remote working options.
This includes updating your organisation's safety statements, Data Protection guidelines, IT Policies, incident response plan and business continuity plan.
3. The Human Factor
Humans are the weakest factor in an organisation's cyber security efforts. According to a recent report by IBM, 95% of all breaches were due to human error.
Employees, whether working remotely or in the office, can make mistakes that could potentially put your organisation at risk.
Educating your employees is key to ensuring your organisation is protected from a cyber security attack. To be effective, training must be consistent, engaging and give the remote workforce real life examples of what to look out for.
Training should include specific rules for email, web browsing and social networks. Organisations should also include training on social engineering attacks such as phishing, password vulnerabilities, router hardening and protecting work devices while working remotely.
Employees should also be encouraged to report suspicious signs immediately. Even if it turns out to be a false alarm, it might still be beneficial to the employee by clearing up errors in their device that hamper productivity.
4. Password Vulnerabilities
Passwords have been a key focus in cyber security education for almost as long as computers have been around, and for good reason: passwords can often be seen as the key to the kingdom when it comes to your IT assets.
Password strength is often seen as a product of two factors: password length and complexity. Creating long passwords that contain a variety of characters, numbers and symbols will make it more difficult for attackers to crack them and recover the plain-text password. For every extra character in your password, the feasibility of cracking it decreases vastly.
For more information on creating a secure password, download our guide.
5. Vendor Vulnerabilities
Dealing with third-party vulnerability issues is another potential security threat for organisations. With vendor remote access becoming increasingly vital for an organisation's success, and remote working becoming the norm for both parties, ensuring a robust cyber security stance is paramount.
At this stage, the primary objective of any organisation is to evaluate any third-party vendors it regularly interacts with. Get to know your vendors, regularly interact with them and conduct regular assessments on their cyber security posture.
Without knowing who your vendors are, you are susceptible to risks including potential cyber attacks, third-party data breaches, or other forms of exposure that can be damaging to the technical infrastructure of an organisation.
Download Our Guide and Secure Your Organisation's Remote Workforce
Secora Consulting was founded with remote working central to its operations. We have extensive knowledge of what it takes to create a robust cyber security posture for employees working remotely. Over the years, we have helped numerous clients move their operations into the cloud while ensuring the security of their data and privacy is central to the migration process.
In our guide, ‘Securing Your Organisation's Remote Workforce’, we offer insight into what organisations and employees need to do to create a robust cyber security posture for remote and hybrid working options.