As cases of Covid 19 spiral downwards, organizations the world over are slowly getting back to ‘on-site’ working – the ‘old’ normal. In real terms, many have loosely evolved to a hybrid style of working, with employees working part-time in the office and part-time from home. Loosely because these decisions, as in the peak Covid era, seem to be constantly changing. While the debate is still on, as to whether it’s justifiable that employees be given a continued run at work-life balance, and whether CEOs are being overzealous in summoning employees back to offices – the fact remains that remote working, irrespective of its duration, is fraught with cybersecurity risks.
The Remote Worker
Considering the limited view that is often held on the term, it may be worthwhile to look at who a Remote worker is. Remote work (also known as work from home [WFH] or telecommuting) is a type of flexible working arrangement that allows an employee to work from a remote location outside of corporate offices. [1].
Covid 19 ushered in a more formal structure of WFH. From working almost exclusively at home to the present hybrid model, organizations seem to have adopted ‘flex’ work as the new normal. Forbes summarizes the flexible new approach as ‘redesigning work around life, rather than requiring employees to twist their lives around work.’ [2]
Upsurge in Cyber Risks due to Remote Working
Remote working has brought with it the risks of data breaches. The number of data breaches is on the rise. 2021 recorded the highest number of data breaches ever, with the total number of data breaches going up by 17 percent. There’s no underestimating the cost of a data breach. IBM’s Cost of a Data Breach Report 2022[3] puts the average cost of cyber security breaches at USD 4.35 million, out of which 21% were caused by human error. Yet despite that, it was noticed that most Remote Workers failed to report data breaches.
Remote Working also brings with it other risks. But health hazards and other human resource issues aside, it is a challenge for Service Operating Centers (SOC)s to ensure cyber threats are taken care of.
The risk is known, the awareness is there
A study from Help Net Security [4] says as high as 77% of SMEs see Remote Work as a security risk and a threat to their business, leaving them open to data breaches and ransomware attacks. The report provides interesting insights at the peak of Remote Working: As many as 66% of organizations found it hard to monitor official infrastructure (at the residences of their employees) and at least 25% of Remote Workers left their workstations unattended, creating potential threat scenarios.
Here are some major reasons for cybersecurity breaches inherent in Remote Working:
- A casual approach on the part of the employee towards cybersecurity
- Inadequate awareness in the form of training/measures to be taken
- Use of weak passwords or shared passwords
- Inadequate bifurcation of organizational and personal workspaces on work devices and failure to prohibit the use of work devices for personal reasons
- Inadequate endpoint security systems and interactions allowed over unsecured home WIFI networks, instead of over a VPN
- Violation of security protocols like transfer of unencrypted data files
- Accessing organizational networks from insecure networks / public areas
- Leaving workstations and data files unattended and unlocked during work sessions
Are organizations doing enough to counter the cyber threat from Remote Working
The answer to this is no – or certainly not enough. Studies indicate that at least a quarter of the organizations interviewed, took the cyber threat inherent in Remote Working seriously, yet went on to state that:
a) Despite awareness on the management’s part and considerable on-site measures being instituted, payouts for data breaches occurred, and
b) Despite education and training in the field, a relatively casual approach existed amongst employees to cybersecurity and cybersecurity best practices.
A significant percentage of organizations alarmingly commented that cybersecurity was not high on their agenda, and did not take step-up measures to counter threats [5].
Mitigating the cyber risks
Here are some of the measures that can help mitigate the threat of cyberattacks and data breaches inherent in Remote Working:
- Machine learning driven automation and intelligence to alert, identify, thwart and eliminate threats
- Multi-factor authentication of the user, powered by behavioral biometrics throughout user sessions
- Stringent enforcement of authorized applications with a clear-cut bifurcation of official and personal work areas on work devices. Even better, avoid personal use of devices
- Fully encrypted cloud backup with on-site backups in 2 or 3 locations
- Implementation of Next Generation firewalls
- VPN gateways installed mandatorily at employee residences as a replacement for unsecured WIFI home networks
Remote Working to increase?
Organizations are slowly getting back to working from offices, as the world learns to live with Covid. Forbes [6] however, opines that Remote Working is going to increase in 2023, despite organizations now calling for their employees to return. Studies show that 25% of all professional jobs in North America will be remote by the end of 2022, and remote opportunities will continue to increase through 2023.
And going by employees’ feelings about their Remote Working productivity and recruitment trends involving such opportunities, it appears to be here to stay.
Conclusion
Notwithstanding what the future holds, cybersecurity awareness amongst employees will need to be stepped up. Compliance tools will need to be leveraged, so the impact of data breach and the need to be security-conscious is embedded.
But the efforts will need to be strengthened by robust cybersecurity systems, preferably AI-driven, that will effectively negotiate even the random cyber threat.
Aurora with its suite of cybersecurity solutions starting out with Vulnerability Assessments to DEFEND – the behavioral-biometric Multi-Factor Authentication system – is ideally poised to offer organizations a single-stop solution for Remote Working.
For more information, contact our experts at sales@aurorait.com or call +1 888 282 0696
Sources:
[1] https://www.gartner.com/en/information-technology/glossary/remote-work
[2] Managing The Cyber Risks Of Remote Work (forbes.com)
[3] https://www.ibm.com/security/data-breach
[4] https://www.helpnetsecurity.com/2021/10/11/smes-remote-work-risk
[5] Working from home causes surge in security breaches, staff ‘oblivious’ to best practices | ZDNet
[6] Forbes: Remote Work Is Here To Stay And Will Increase Into 2023, Experts Say (forbes.com)
