Unfortunately for employers, they can be a cybersecurity nightmare if not handled correctly. To begin approaching cybersecurity management for remote workers, here are five threats that remote workers and employers need to be aware of.
Remote workers are notoriously susceptible to data breaches. A study by CybSafe discovered that one-third of respondents in small-to-medium enterprises (SMEs) have suffered a data breach thanks to their remote workforce.
On top of the CybSafe study, a report from FlexJobs and Global Workplace Analytics discovered that the number of people working remotely in the U.S. increased by a substantial 159% from 2005-2017. This places employers in a predicament where they will likely want to offer remote working options to attract talent and remain competitive. Still, they can’t do so at the expense of cybersecurity.
In order for remote employees to be effectively protected, both they and their employers need to be aware of the security threats to look out for.
#1 – Using Personal Devices for Work (BYOD)
Employee devices generally fall into one of three policies:
Employer-Provided Device (EPD) – Also known as “Corporate-Liable” devices, these devices are procured and owned by the company solely for professional use.
Bring-Your-Own-Device (BYOD) – The employee is the personal owner of the device used for their work, though their employer may provide a stipend to offset depreciation and maintenance/upgrades.
Hybrid (COPE, CYOD) – Hybrid models such as Corporate Owned, Personally Enabled (COPE) and Choose Your Own Device (CYOD) also use corporate-liable devices, though the employees are given more control and personalization over the devices they are provided with than with EPD policies. Employees are often permitted to use the devices for both personal and professional purposes.
Some companies will opt to provide remote workers with devices they are required to use to conduct their work. However, a striking majority of companies – 59% according to a report by Tech Pro Research – allow for some level of BYOD practices among their employees.
Unfortunately, using devices for both personal and professional use is risky from a cybersecurity perspective.
The ways that an employee would use their devices during personal use are likely to be less secure in nature than how they would use the device in a strictly professional context. In addition to this privacy concerns are likely to cause employees to reject the use of employee monitoring software on their devices, leaving employers with an environment that is both less secure and more difficult to keep secure due to the lack of monitoring-based threat mitigation
#2 – Unsecured Public Wifi Networks
While there are measures that can be taken to use public wifi more securely, their ability to attract a large group of persons to a single network make them an attractive target for cybercriminals. Worst yet, the wifi network could be a cybercriminal operated honeypot with a fake SSID (wifi name) meant to dupe unknowing victims (such as remote workers!) into connecting.
Remote workers need to refrain from using public wifi networks from devices that are used to access or store company files. To make internet availability easier for remote workers that are traveling or working in public spaces, employers can provide their remote workers with a mobile router. A mobile router uses 4G/5G wireless connections to create a private WiFi signal that is much safer to use than a public wifi network.
#3 – Traveling & Mobile Device Physical Security
The transient capabilities of remote workers give rise to other vulnerabilities, too. When traveling, the devices of remote workers are far more vulnerable to theft and loss than they would be if they opted to stay in-house or in their home office.
Remote workers that work while traveling need to be extra vigilant of their surroundings and devices. They should never leave their devices unattended for any length of time, and if they set up a mobile workstation, they should do so only if they feel reasonably safe in the location of their chosen workstation. Standard personal safety risk mitigation applies when traveling, just with an added degree of vigilance as mobile devices are attractive targets for theft.
Employers looking to mitigate the risks of a data breach from a lost or stolen device can use a Mobile Device Management (MDM) solution to remotely erase the data on the device. MDMs often include some form of a device tracker as well, giving remote employees a chance to see if they’ve simply misplaced the device before opting to erase its data altogether.
#4 – Difficulties Enforcing Cybersecurity Policies
Policies are great tools to help employers communicate expectations with employees. Policies can outline the acceptable uses of devices, expected cybersecurity measures, and many other critical regulatory measures and guidelines than can keep remote workers safe. That said, even the best policy is of no use if it’s not adhered to.
Without the immediate pressure of being surrounded by their managers and diligent coworkers, remote employees can be susceptible to becoming a little too relaxed in their cybersecurity responsibilities.
For employers and their IT departments, policy enforcement is going to be a challenge when working with remote workers. Ongoing cybersecurity training and proactively hiring remote workers that take their cybersecurity responsibilities seriously is critical to mitigating the chances of non-compliance from remote workers.
Any systems accessed by remote workers should also have employee monitoring and access management solutions integrated within them as an added layer of security.
#5 – Security Updates & Patching Difficulties
Remote workers are notoriously difficult to patch for security updates. If remote workers are left to manage security updates and patches on their own, employers risk the chance that they aren’t as diligent in their patching as they should be.
The employer’s IT department will need to determine the best route for remote patch management based on the infrastructure and resources available to the company. IT departments may opt to run a system health check to verify that the remote workers have the latest updates and required security software enabled before allowing connections back to company servers, among other viable solutions.
These 5 security threats to look out for with remote workers are just the tip of the iceberg when it comes to working safely with remote workers. Remote workers and employers alike need to be proactive in following cybersecurity best practices and remaining up-to-date on the latest security best practices.
For those looking for further reading on this topic, research endpoint security & response software, cloud access security brokers (CASBs), virtual private networks (VPNs), and privileged access management (PAM), among plenty of other security options.
About The Author: Dale Strickland
Dale Strickland is the Marketing Coordinator for CurrentWare, a global provider of software-based monitoring solutions for data loss prevention, insider threat detection & web access control. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables. You can find him online @DaleWStrickland.