Just as our immune systems require good hygiene to fight infection at an optimal level, organizations must dedicate themselves to proper cyber hygiene in order to detect, prevent, and mitigate the effects of cyberattacks—particularly as remote work becomes more common across all industries.
Since the start of the pandemic, many companies have discovered that remote work does not damage productivity. On the contrary, many companies have reported improved performance, as well as the potential for reduced overhead going forward. But work-from-home is not without its disadvantages. According to one survey, almost 75% of VPs and C-suite IT leaders believe that remote workforces pose a higher security risk than on-site employees. Their concern is not unfounded.
Many remote workers use personal devices that are inherently less secure than corporate-issued devices, thus increasing their level of susceptibility to cyberattacks. Seemingly trivial online habits, like saving corporate passwords in personal browsers or allowing family members to access corporate devices for personal use, can pose serious breach risks to an organization. According to a report published by Accenture, the average number of security breaches a single organization faces annually has increased by 67 percent since 2014. As remote working becomes more common, cybercriminals will continue to find new and innovative ways to exploit vulnerabilities.
Employees are the first of defense against cyberattacks. Cyber hygiene best practices must become ingrained into organizational operations, including security patches and updates, the use of multi-factor authentication, restricting administrative privileges to a need-to-know basis, etc. In order to formulate a comprehensive framework that lessens the risks posed by increasing threats to data privacy and security, organizations need to assess their cybersecurity from top to bottom.
In this article, we’ll cover some of the risks associated with remote workforces, go over some ways an organization can bolster its cyber hygiene, and cover some key steps an organization can take toward strengthening its cybersecurity profile as remote work becomes more common.
Remote workforces pose a higher cybersecurity risk
It is estimated that more than 75% of remote employees do not bother taking privacy measures while working in public spaces, making them soft targets for cybercriminals. Moreover, nearly 50% of remote employees say they transfer files between personal and corporate devices. By exposing sensitive data outside the secure corporate networks, these lax security habits could have devastating consequences for any organization. The use of a VPN can help. But while VPNs provide some level of data security, they do need a secure internet connection.
Unfortunately, compared to corporate networks, home or public Wi-Fi networks are highly vulnerable to attacks like MAC spoofing, eavesdropping, session hijacking, encryption cracking, etc.
Remote workers, particularly those accessing sensitive data through a browser on their personal devices have to depend on endpoint security tools. This enhances the potential for a breach of critical corporate data, solely because employees are outside the additional protections of the corporate network. Between 2017 and 2018, 81% of organizations reported having Wi-Fi-related cybersecurity incidents because employees used public Wi-Fi.
The sudden transition to a virtual setting has amplified the poor security profile of the average small office/home office (SoHo) network. Employees have struggled to adopt good security hygiene while working from home, even as the FBI reports a 300% increase in cyberattacks since the start of the COVID-19 pandemic.
It is up to organizations to ensure that they have the proper protections in place for their remote workers.
Start the Conversation
We're big believers in culture fit. Contact Tier 3 Technology Solutions for a commitment-free conversation about your business's IT Support needs.
Achieving comprehensive cyber hygiene for remote workers
Now, more than ever, it has become important that managers train employees on good cyber hygiene practices, including the following:
- Conduct security awareness training. Untrained employees are very likely to make mistakes, and human error opens the door for cyberattacks. While it’s impossible to eliminate human error entirely, security awareness training arms remote workers with critical information on how to avoid cyber threats. The National Institute of Standards and Technology (NIST) suggests educating remote employees on how to recognize social engineering scams and malicious websites, among other threats.
- Regular updates and patches. Software updates often patch security weaknesses discovered since the last iteration of the software. As many as 80% of companies that were breached or failed an audit in 2016 could have prevented those incidents with merely a patch or a systems configuration change. More importantly, 20% of all vulnerabilities discovered are “High” or “Critical Risk,” and 25% of those take more than 90 days to fix.
- Limit administrative roles and permissions. Granting users unwanted system permissions can result in increased attacker capability and misuse of privileges. The Principle of Least Privilege (PoLP) principle must be implemented, which is based on the idea of giving just enough access to users to do their job. By strategically managing and protecting permissions, it is relatively easy for organizations to minimize damage if and when an employee’s account is compromised. Even if managers grant users certain privileges, they should monitor user activity for unusual actions, like accessing sensitive information after working hours.
- Implement Multi-Factor Authentication. According to one study, 57 % of companies use multi-factor authentication (MFA) for their passwords. According to the third annual Global Password Security Report, employees use one password for almost 13 accounts. It is no surprise, then, that stolen and reused credentials contribute to 80% of hacking-related attacks. At the very least two-factor authentication, should be used. It adds to the layer of cybersecurity and decreases the risk of cybercriminals using stolen credentials to conduct and coordinate an attack.
Regardless of whether they work from home full-time or part-time, remote workers pose a greater risk to an IT computing environment than on-site employees. Organizations must be willing to invest resources into a robust security education and training program, which amplifies user engagement and incident response procedures.
Reaching out to a managed service provider is a great first step. A high-quality managed service provider will often provide a free network assessment, which will include potential areas of vulnerability in your overall cyber hygiene. Partnering with a managed service provider will immediately lend your organization a depth of knowledge critical to your efforts to educate remote workers against new and emerging cyber threats designed to exploit unprepared users.
A strong cyber hygiene plan is a critical piece of an effective IT support system. It allows an organization to quickly shrink its threat landscape and protect its most valuable assets, even as remote working (and the increased risk that comes along with it) becomes more and more common.