Unfortunately, many businesses have failed to bring their cybersecurity strategies up to speed with the world of remote work. As such, cybercriminals now have a field day exploiting the new-found loopholes.
By Michael Akuchie
Although the 2020 pandemic facilitated remote work’s widespread popularity today, its roots can be traced back to the 1970s. A NASA engineer named Jack Nilles had developed a word called “telecommuting” which would eventually serve as the foundation of modern-day remote work. To ascertain the usefulness of telecommuting, a handful of employees at IBM, an American multinational technology company, began working from home.
Remote work – a flexible arrangement whereby one can work from a location other than their office – has positively impacted employees and companies alike. Many workers have witnessed a tremendous increase in work-life balance, saved money on transportation costs, and lots more. Remote work has also helped companies enjoy cost savings and increase employee satisfaction. In the 2023 State of Remote Work survey conducted by Buffer, a software company that helps users manage social media accounts, 97% of the respondents passed a vote of confidence on remote work. 98% of the respondents further said that they were willing to recommend this work style to others.
Despite the numerous benefits, working remotely has its fair share of challenges, among which include obvious setbacks like time management and time zone differences. However, another grossly overlooked challenge of remote work is data security, and this is where the crux of this article will dwell.
The pandemic forced the government to shut down public gatherings, including office spaces. To adapt to that rule without suffering heavy business losses, many companies sped up the transition to remote work. While this helped them prioritise workers’ safety and ensure they remained in business, not much was done to modify their cybersecurity strategies in light of the new work arrangement. This left them vulnerable to a surge of sophisticated cybersecurity attacks.
Before the wave of remote work swept off the corporate world, companies typically managed personal data and ensured compliance with data security regulations either through an in-house cybersecurity team led by the chief information security officer (CISO) or a consulting firm.
Unfortunately, many businesses have failed to bring their cybersecurity strategies up to speed with the world of remote work. As such, cybercriminals now have a field day exploiting the new-found loopholes. A Malwarebytes Labs report conducted by Malwarebytes, an anti-malware security company, revealed that 20% of companies suffered data breaches due to an error from a remote worker. The errors in question could be anything from using unsecured mobile devices and networks to work to clicking suspicious links without verifying their authenticity. Not using a secure internet connection for work is an open invitation for hackers to go for the kill. In 2020, Kaspersky, a global cybersecurity company, found that hackers attacked over 100,000 devices used by remote workers in South Africa.
Aside from using unsecured mobile devices/networks or clicking suspicious links, businesses can also suffer from common remote worker missteps like not using two-factor authentication (2FA), using weak passwords, reusing one password for multiple accounts, and ignoring software updates. Any or all of these mistakes can cause reputational damage and revenue loss for the affected company. Employees who fall prey to hackers can also suffer from emotional trauma. A white paper released by NorthWave, a cyber security firm, shed light on the mental impact of cyber attacks on staff. The respondents confessed to having problems like trouble sleeping, back pain, and reduced appetite.
While companies are responsible for promoting a robust cybersecurity culture in the workplace, employees must also endeavour to always abide by the security policies to minimise the opportunities that hackers have to strike.
Companies without a cybersecurity policy for remote work should draft and implement one. While being drafted, the team tasked with this duty must cover all bases to minimise risk. Another step for companies to take is organising regular digital security awareness workshops for employees. Workers should be trained on how to spot and report potential threats. How they should respond if they fall prey to a hack attempt should also be taught. Whenever there is an update to the existing security policy, the company should communicate the changes made to workers.
Workers also have a significant role to play in securing company data from hackers and their growing bag of tricks. Using two-factor authentication, a security mechanism that requires the user to provide two forms of identification before gaining access to a system or data will go a long way in discouraging cybercriminals. If possible, they should use multi-factor authentication (MFA) which adds an extra layer of security.
Employees should avoid connecting to a public Wi-Fi network in places like the neighbourhood café or city libraries. Although the home is a popular spot to work remotely, it is not strange for employees to visit public places to work. While the appeal of public Wi-Fi is hard to shake off, there are certain risks attached. Threat actors may hack a public Wi-Fi network and monitor data that’s shared from the network and connected devices. For example, hackers may gain knowledge of one’s password if they were to input their online bank account while connected to a public Wi-Fi network.
Another great way for remote workers to secure their virtual workspace is by using string passwords. A strong password is usually a combination of letters, numbers, and symbols. For example, instead of the basic “1234” password, opt for something in the region of “Alpha884%*”. It is also important to not reuse the same password for two or more accounts. Endeavour to create a unique password for online banking, social media accounts, company email, personal email, etc.
Although memorising these passwords can be demanding, one can consider using a password manager like the one Google offers or writing them down either on paper or in your device’s notes app. Securing the app with a password is strongly advised. Also, employees must be wary of suspicious emails designed to make them click a certain link, thereby leading to a data breach or identity theft. Remote workers are a major target for phishing scams, so being cautious about every email is a great idea to stay ahead of cybercriminals.
Despite the drawbacks, remote work is still advantageous to workers and employers in today’s world. And just as criminals are constantly updating their strategies to improve their chances of success, companies and their staff must adopt the latest security practices to protect their data while working from home.
Michael Akuchie is a tech journalist with four years of experience covering cybersecurity, AI, automotive trends, and startups. He reads human-angle stories in his spare time. He’s on X (fka Twitter) as @Michael_Akuchie & michael_akuchie on Instagram.
Photo by Nelly Antoniadou on Unsplash