COVID 19 opened the floodgates to a remote workforce. In October 2020, a Gallup survey reported that 33% of workers always work remotely, while 25% do so sometimes. Nearly two-thirds of workers who have been working from home said they’d like to continue to do so.
Yet still, many businesses have failed to take a close look at WFH cybersecurity.
Gaps Remain with Cybersecurity for Remote Workers
Security incidents have increased owing to remote workers. Malwarebytes reported that remote workers caused a security breach in 20% of organizations causing organizations to pay unforeseen costs to address computer breaches and malware infections.
Before the pandemic, cybersecurity was reasonably straightforward. Your firewall separated the outside world from the inside world. It helped keep hackers at bay. That defensive line is blurred now and leads to complications with security.
All it takes is a worker’s home computer getting hacked to open a door into your network. Even a simple misconfiguration of a home-based device can lead to a cyber breach.
The use of cloud services and collaboration tools have expanded to support home workers. In many instances, buckets or access controls get set up improperly, opening the door for cyber-attacks. The same holds for Virtual Private Networks (VPNs), improper configurations.
Phishing accelerated to new heights. According to Cybersecurity-Insiders, companies experienced an average of 1,185 attacks each month. More than one-third of respondents (38%) said a co-worker got impacted. More than half of businesses (53%) have seen an increase in phishing activity since COVID.
Here are some more interesting findings from the Malwarebytes study:
- 44% of organizations failed to provide cyber awareness training about the threats of working from home.
- 45% of businesses failed to perform security and online privacy analyses of software tools.
- 61% of those surveyed provided work-issued devices to employees, but 65% did not use a new antivirus solution for the devices.
- 61% of organizations failed to require employees to use antivirus software on personal devices.
Fewer Organizations Feel Prepared for a Cyber-Attack
Another study, Cybersecurity in the Remote Work Era: A Global Risk Report, presents similar concerns regarding remote workers and security. You can access the full report here.
Before the pandemic, 71% of organizations felt positioned against cyber-attacks. That number stands at 44% today. Moreover, 71% of organizations are concerned about remote workers causing a breach. The biggest concerns relate to personal devices and security practices.
Of concern, 42% of organizations indicated they don’t know how to defend against a cyber-attack directed at remote workers. Only 35% of organizations require multi-factor authentication. For that matter, 31% of companies required no authentication method.
The time needed to mitigate cyber-attacks has increased. Credential theft (56%) and phishing (48%) are the most common means of attack.
Resources are an issue. Less than half the organizations reported having adequate budgets to cover the risks of cybersecurity working from home. Staffing is another concern. Only 39% of organizations believe they have appropriate expertise. Among other findings:
- Only 47% of respondents monitor their networks 24/7.
- Half are encrypting data.
- Only 50% have security policies for remote workers.
- 43% are funning cyber awareness campaigns.
There are questions about whether the concerns will dissipate after the pandemic. More than half the organizations anticipate remote worker concerns to continue leaving an obvious question, what can you do to address the issues?
5 Defenses for Remote Workers
Even with the best defenses, there’s no guarantee you won’t suffer a breach. People make mistakes and can fall victim to a social engineering attack like phishing. But there are some steps you can take to protect yourself.
- Policy Creation
Start by clarifying your policies regarding cybersecurity and data access. Make sure employees are aware of all security policies and hold them responsible.
Your employees should receive some level of cyber awareness training. Alert them to the dangers of phishing and give them insights into how to identify it and respond.
- Multi-Factor Authentication
Use two-factor authentication. Microsoft claims that multi-factor authentication delivers 99.9% greater security. Also, set password standards regarding length and use of special characters.
To expand on passwords, consider a password manager. It can generate passwords randomly to improve security. Keeper, 1Password, and LastPass are good choices.
- Secure Connections
Workers need a secure connection. At the very least, use a VPN. It’s a critical first step in securing your connections. Incorporate tools designed to verify security patches are in place on remote devices.
Monitor your software for infections. Advance detection tools can help detect cyber-attacks using malware or persistent remote accesses.
- Protect Remote Devices
The web or email presents a clear opportunity for malware attacks. You need to determine endpoint protection requirements.
Employees should have security software like antivirus and malware protection in place and always use the latest applications. Employees can also enable data protection on their devices.
- Data Loss Prevention
DLP protects corporate information from misuse, loss, or access by unauthorized users. It segments and classifies data and identifies policy violations. In short, an administrator can control what data a worker can transfer and to whom.
Reduce WFH Cybersecurity Threats with a World-Class MSP
Security isn’t failproof even within your company walls. Adding a remote workforce into the equation multiplies your risk. It’s a lot to handle, especially for small to medium-sized businesses. That’s why it pays to reach out to a cybersecurity company near you for help.
We have access to the latest remote security solutions like ConnectWise. It provides secure and reliable remote access to endpoint devices to update devices and eliminate vulnerabilities.
We have an array of cybersecurity services to help. Channel Futures recognizes us as a world-class MSP by Channel Futures. IntermixIT delivers IT solutions to more than 400 clients in Harrisburg, Lancaster, York, Lebanon, Reading, and Carlisle.