A recent report from the Office for National Statistics shows that 16 per cent of the UK’s workforce works exclusively remotely. Hybrid working is increasing as well, with around 40 per cent of people working from home at least once a week. In 2019, that number was just 12 per cent, writes Suid Adeyanju, CEO at the cyber company RiverSafe, pictured.
This rise in remote working brings a whole host of benefits to employees: more freedom, less commuting, and no more ironing shirts for the office. But it also significantly increases your vulnerability to cybersecurity threats.
More devices are being accessed from more networks, creating a huge number of additional endpoints to secure. Add in the widespread prevalence of SaaS solutions to service distributed users and new communication tools like video conferencing software, and those working remotely become even more susceptible to cyber-attacks.
Even the physical isolation from peers can cause us to let our guard down, especially since we tend to feel safer at home. Plus, good cybersecurity habits tend to be out of sight, out of mind when not under the watchful eye of our colleagues in the IT department.
Cybercriminals have moved fast to exploit this growing attack vector, with social engineering attacks like phishing emails on the rise. Many are even using AI tools like voice duplication to impersonate authority figures and manipulate users into sharing confidential information. And the consequences of these increasingly sophisticated attacks can be devastating: recent figures estimate that approximately 91 per cent of cyberattacks on businesses begin with a phishing email to an individual employee.
With remote work becoming a regular feature in our professional lives, those working outside of a traditional corporate environment need to sharpen up their cybersecurity skills. In this evolving threat landscape, users must account for amplified vulnerabilities to protect themselves and their organisations from bad actors.
Many of the technical aspects of maintaining a secure digital environment will be managed at the back end of the systems and devices you use. Setting up things like VPNs, firewalls, multi-factor authentication and making sure software is patched and updated regularly will be taken care of by your organisation’s security team. However, there are some things that lie in your hands as an end user.
Here are a few key best practices remote workers can use to shore up their security posture.
Think your password is secure? You’d be surprised. Anyone who’s created an online account recently will be familiar with modern password standards. But that doesn’t mean that we always come up with the sort of strong, unique passwords that are challenging to crack.
The safest passwords aren’t usually the easiest to remember. But you can make sure you’re generating robust passwords (and changing them often) by using secure password generators and managers, so you don’t have to trade organisational security for convenience.
Cover your webcam
Keep your webcam covered when it’s not in use so that attackers don’t have visual access to you or your environment, even if the system is compromised. We don’t need to be technical here; a scrap of paper and some sticky tape will do the job.
Avoid unsecured networks
Use only secure networks and avoid public or open Wi-Fi: the coffee shop might be a nice change of scenery, but anyone could connect to that network and potentially intercept your data. Many businesses offer a VPN service to ensure secure access wherever you’re working from, so if that’s on the table, be sure to take advantage of it.
Secure your devices physically
Can you honestly say you have the same antivirus software, firewalls, intrusion detection systems and other security factors in place on your personal laptop, that you have on your work device? Didn’t think so.
You should only work from approved business devices while at home, rather than personal ones that your security team can’t protect.
Never transfer data from company to personal devices either, whether using cloud services or physical hardware like USB sticks. Many organisations will give you access to cloud software suites that you can use to work online, so you don’t need to be downloading any data to devices in the first place.
And lastly, never leave company devices in vehicles, or allow others in the household to access company devices (keeping your device password on a post-it note on the bottom of your laptop is not best practice).
