The pandemic accelerated the use of technology in business, causing many organisations to have greater reliance on email, chat applications and virtual meeting software. As a result, remote working solutions have quickly become the new normal.
Despite bringing a multitude of benefits, including improved motivation and increased flexibility, nearly a fifth of IT pros say workers aren’t secure when working remotely. It’s important, therefore, to understand the current security risks facing remote workers, and how organisations can educate staff to reduce them.
Common security pitfalls
Our recent survey found that 74% of remote staff have access to critical data when working remotely. On top of this, work is no longer limited to one device with cloud systems allowing employees to log into work accounts on personal computers, tablets and smartphones. In fact, we found that 15% of employees use their own devices to carry out work-related tasks.
This blurring of work and personal life makes it easy for confidential documents to be saved and shared on unprotected networks. Last year, Suella Braverman resigned from her position as Home Secretary after admitting to sending an official document to a fellow MP from her personal email address.
Unfortunately, cloud-based attacks are on the rise. Latest research shows that across Europe there was a 50% year-on-year increase in the number of cloud-based network cyberattacks in 2022.
Private chat applications like WhatsApp have become commonplace in business communications, with confidential documents frequently being shared via this form. File sharing has quickly become a common source of cybersecurity incidents, posing a unique risk to organisations as they commonly don’t have any control over the security of personal or external networks.
Our data also suggests that 14% of cybersecurity employees said their organisation has suffered a cybersecurity incident related to remote working. It’s evident that cybercriminals are aware of the shift to remote working, and are using increasingly sophisticated approaches in order to infiltrate professional networks via personal devices. Organisations cannot ensure that employees are using security best practices or secure networks and devices when working remotely – further increasing the risks facing businesses.
How IT departments can change this
Organisations need to to acknowledge that there are unique risks associated with remote work. We recommend that they activate relevant security systems, while also empowering employees to deal with a certain level of risk.
Traditional methods of controlling and securing company data aren’t as effective, with there now being a greater responsibility on employees who work remotely. Despite this, nearly 50% of organisations plan to increase the percentage of employees that work remotely in 2023, meaning that it’s necessary for businesses to consider how they can be prepared against a widening range of cyber attacks and developing threats.
Our latest study found that 43% of IT professionals rate their confidence in their business’s remote security measures as ‘moderate’ or worse. Education holds a significant role in the creation of a robust and resilient cybersecurity ecosystem. By implementing a more comprehensive and inclusive level of cybersecurity training, remote employees will be more aware of the current threat landscape, and how their actions may put the organisation at risk of a breach.
Tackling the cybersecurity knowledge gap among employees is essential to the creation of a robust security system. However, increased education isn’t enough. Better awareness needs to be backed up with a security solution that includes robust email security functionality for prevention, as well backup capabilities for recovery.
Ultimately, increased human awareness of threats and robust digital solutions can work together to make an organisation more difficult for cybercriminals to infiltrate. However, with threats increasing it’s important that the insights needed to inform these solutions are affordable for organisations. The alternative, of course – a ransomware attack that is financially and reputationally catastrophic – is far worse.
Daniel Hofmann is CEO of Hornetsecurity