Remote work has become somewhat of a norm after COVID and remains widely practiced, even though many companies have put on a full-court press to get people back in the office. Still, things will never fully go back to the way they were. The ‘work from home’ crowd enjoys more flexibility, convenience, and a sizeable reduction in costs surrounding their employment like gas and lunches out. Many also cite productivity benefits due to fewer distractions.
Research shows a 56% reduction in unproductive time when working at home vs. the office.
But having a largely remote workforce does come with some drawbacks. It’s crucial to be aware of the risks that come with remote and hybrid work. Keeping an eye on device and network security isn’t as easy. About 63% of businesses have experienced a data breach due to remote employees.
This doesn’t mean that a remote workforce has to impair your security: remote users can be made as safe as users in the office. A workable balance can certainly be struck. Simply be aware of the Cybersecurity concerns and address them.
So, let’s take a look at the risks associated with remote work and provide practical tips on how employees and employers can address them.
What are the key cyber security risks of working remotely?
- Weak Passwords and Lack of Multi-Factor Authentication
Employees use various devices to routinely access company systems, databases, and sensitive information, and using weak passwords creates a vulnerable position no matter where they do their work, as does reusing passwords across several accounts. Anybody practicing these bad habits is asking for a data breach.
CloudNine estimates that 81% of hacking-related data breaches are the result of stolen or weak passwords. Here’s a Fun Fact: THE #1 most used password in the world (by far) is ‘123456’. It takes ZERO seconds for a hacker to break that – it is the first thing they try.
Network access should depend on minimum standards for password creation: for example, a minimum of 10 characters, which must include upper- and lower-case letters, numbers and symbols. Please review our article ‘Creating Strong Passwords’ for more tips.
The policy should also include mandates for employee education, use of a Password Manager, Multi-Factor Authentication (MFA), and a set time frame when passwords must be changed.
Employers can set up access management systems. These solutions help automate the authentication process. They can also deploy safeguards like contextual MFA.
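As an added illustration (not code from this article or from IT Support LA), here is one way an IT team could check candidate passwords against the minimum standard described above: 10 or more characters, all four character classes, no common passwords, and no reuse. The 90-day rotation window, the small deny-list, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 10               # minimum length stated in the article
MAX_AGE = timedelta(days=90)  # assumed rotation window; the article gives no number
COMMON = {"123456", "123456789", "password", "qwerty"}  # constructed sample deny-list
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def hash_password(password, salt=None):
    """Return (salt, PBKDF2-SHA256 digest) so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def is_reused(password, history):
    """True if the candidate matches any stored (salt, digest) pair."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )

def is_expired(last_changed, today):
    """True once the password is older than the rotation window."""
    return today - last_changed > MAX_AGE

def check_password(password, history=()):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    if password.lower() in COMMON:
        problems.append("common password")
    if is_reused(password, history):
        problems.append("reused")
    return problems

if __name__ == "__main__":
    for candidate in ("123456", "Summer2024", "_k$P31b&a2p#V"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The reuse check only catches passwords previously used on the same system; reuse across unrelated accounts is what a Password Manager is meant to prevent.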
- Unsecured Wi-Fi Networks
Working remotely often means connecting to different Wi-Fi networks, such as public hotspots or home networks that may not be adequately protected. These unsecured networks can expose your sensitive data to hackers.
To protect the company network and the data it holds, set workers up with Virtual Private Networks (VPNs). Turn on the VPN when connecting to public or unsecured Wi-Fi networks. A VPN encrypts the internet traffic. This ensures that data remains secure even on untrusted networks.
- Phishing Attacks
Again, phishing is the biggest threat no matter where you are. Attackers may send deceptive emails or messages. These messages trick users into revealing their login credentials or downloading malicious attachments.
To defend against phishing attacks, be cautious when opening emails, especially those from unknown sources. Avoid clicking on suspicious links. Verify the sender's email address.
Also, be wary of any requests for sensitive information. If in doubt, forward the suspect message to your IT team to confirm the legitimacy of the communication. They will be happy to examine these messages – it takes a lot less time than dealing with a Ransomware attack.
- Unsecured Home Network Devices
Many remote workers use Internet of Things (IoT) devices. These include smart speakers, home security systems, and thermostats. These devices can introduce vulnerabilities to your home network if not properly secured.
To mitigate this risk, make sure to change the default passwords on your IoT devices and keep them updated with the latest firmware. Consider creating a separate network for your IoT devices. A "guest" network can isolate them from your work devices and data.
Employers can improve security for remote teams using an endpoint device manager, such as Microsoft Intune or similar. These tools make it easier to manage security across many employee devices.
- Lack of Security Updates
Regularly updating your devices and software is crucial for maintaining strong security. Remote workers may neglect these updates due to busy schedules or limited awareness. Cybercriminals often exploit vulnerabilities in outdated software to gain unauthorized access to systems.
To mitigate this risk, enable automatic updates on devices and software whenever possible. Regularly check for updates. Install them promptly to ensure you have the latest security patches.
- Data Backup and Recovery
Remote workers generate and handle a significant amount of data. The loss or corruption of this data can be devastating, so implementing a robust data backup and recovery plan is essential.
Back up your important files to a secure cloud storage service, an external hard drive, or a SAN (Storage Area Network). This ensures that if a hacker compromises a device, your data remains safe and can be easily restored.
- Lack of Employee Training
Both remote and office workers should receive proper Security Awareness Training. It helps them to understand security risks and best practices. Unfortunately, many companies neglect this aspect in their toolbox of defenses. This leaves employees unaware of the potential threats they may encounter and how to spot them.
Organizations must provide comprehensive Security Awareness Training. This training should cover topics such as:
Identifying phishing emails
Creating strong passwords
Recognizing suspicious online behavior
New forms of phishing (such as SMS-based “smishing”)
Frequently Asked Questions
Q: What is an example of a good password?
A: For example: _k$P31b&a2p#V – it’s over 10 characters and has a mix of upper/lower case letters, numbers, and symbols. As previously mentioned here, “THE #1 most used password in the world (by far) is ‘123456’. It takes ZERO seconds for a hacker to break that – it is the first thing they try.”
If you run the password ‘_k$P31b&a2p#V’ through ‘PasswordMonster’ it shows that it would take 75 billion years to crack. Most cybercriminals don’t have that kind of patience…
Q: How often should you do security awareness training?
A: Unfortunately, for businesses that do it at all, the norm is once a year. It is recommended to provide ongoing training every three months. Users need regular reinforcement and updates on the latest scam trends. ‘One and Done’ doesn’t work. Think of that old joke:
A tourist in New York City asks somebody “How do you get to Carnegie Hall?” The person replies, “Practice, practice, practice!”
Your IT service should be involved in these training sessions. In between trainings, the company you contract with for training or your IT vendor should run Cyber War Games.
Q: Which is better, a paid or free VPN?
A: It depends on how much aggravation you’re willing to endure. Aside from dealing with lower-level security protections, a free VPN will only provide bare-bones performance: a slower connection speed, which will adversely affect your internet browsing and streaming. If you’re a gamer, don’t even consider it.
A paid VPN typically offers the highest level of automatically updated security, the fastest speed available and the peace of mind that comes from knowing that you are using the internet in the safest way possible.
Try a free VPN (but do nothing ‘risky’ with your data), then take advantage of the FREE trials (usually 30 days) that most Premium VPN providers offer. See for yourself.
Q: What are some examples of phishing?
A: If the sender requests or entices you to perform a specific action:
Clicking an attachment
Enabling macros in a Word document
Updating or confirming a password
Using a new Wi-Fi hot spot
Responding to a social media connection request
How secure is your network?
As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.
The best defenses are expert Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
IT Support LA is an award-winning Managed Services Provider (MSP):
o 3 Years awarded Best IT Support by the Small Business Expo
o Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o Awarded Best IT Support in California by Channel Futures
o Winner of Best IT Support in Los Angeles by Channel Futures
o Listed as one of the world’s Top 501 MS by CRN and in the top 250 in the ‘Pioneer’ listing
o 4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o Listed as #21 MSP in the World in Channel Futures NextGen 101
o Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o Named Best of IT winner by UpCity
o Winner of Local Excellence Award for 2021, 2022 and 2023 by UpCity
o Named Best of Cloud Consulting winner by UpCity
o Certified as Top Managed Services Provider and Cybersecurity Pro by UpCity
o Named Best IT Services in Los Angeles by Expertise.com.
Get Help Improving Remote Team Cybersecurity
Remote work offers many benefits. But it's important to remain vigilant about the associated Cybersecurity risks. Address these risks head-on and put in place the suggested measures. If you’d like some help, just let us know.
Give us a call today! It’s also a great time to schedule your FREE network and Cybersecurity risk assessment.
818-805-0909