According to a report by the cyber security firm Fortinet, as many as two in three businesses have experienced cybersecurity issues due to home working, writes Kyle Mitchell, commercial sales director at Whitaker Brothers.
The study suggests that, despite hybrid or remote working being much more prevalent since the advent of the pandemic, many are still struggling to secure their networks and risking major losses because of it.
Remote workers pose distinct challenges to the security environment of any business. Though many businesses made the shift quickly to adapt to covid protocols, enough time has passed to properly adapt and prioritise security across the much wider network of devices that comes with remote working.
For some businesses, there are threats to be considered across both physical and virtual environments. This makes it even more imperative that all potential threats are identified and mitigated.
Data from the FBI shows that the cost of data breach crimes rose 148 per cent between 2020 and 2022, with the total losses in 2022 standing at more than $450m. This could indicate that malicious actors are getting more successful at exploiting vulnerabilities like those posed by a remote network, resulting in more catastrophic losses for businesses.
To prevent further losses, business leaders need to consider the remote workplace issues they may face, how they can use procedures and equipment to prevent them and why these considerations are so essential to a successful company.
Common remote workplace issues
The Fortinet survey also found that most haven’t mitigated the risks associated with working from home, but many say they’re investing in new technology to do so. Not all businesses will have the money available to invest in new technology but there are still steps that can be taken to reduce the risk of working from home.
Most companies will provide devices for staff to work from home but, with the rapid shift and rising demand for flexible workplaces, there will be businesses still struggling with asset management and security.
In addition to device security, home wifi is of course much less secure than wifi set up to be used on-premises. There will be plenty of staff members who handle secure information who don’t necessarily have the understanding needed to properly secure their home network.
While most sensitive data will be handled online, there will still be instances of physical data handling that can pose a challenge for remote workplaces. In these cases, staff will need to be aware of the expectations of handling this data, as well as how to properly dispose of it if working remotely.
Procedures and equipment for home workers
Regularly reviewing the cybersecurity awareness of all staff who work remotely will be an important step to protect the business from vulnerabilities. Some of the most common cyber crimes include business email compromise tactics like phishing and these are entirely dependent on the ability of your team to identify scams.
Workers handling sensitive information both physically and virtually will need to undergo regular refresher training on how to handle and dispose of this information. This training will also need to cover both the home environment and the office, to ensure proper compliance at all times.
Some businesses are able to conduct home wifi testing through the use of software but this can be expensive. For businesses that are unable to afford extensive testing, detailed guides on how to properly secure home networks, including reviewing firewalls, providing IP addresses and undertaking other tests should be made available to all staff.
It may be necessary to purchase compliant shredders for the home office of any employee handling sensitive documents at home, particularly those working fully remotely. There are different shredding requirements for different types of information so it’s important to review this before purchasing to ensure proper security protocols are in place.
On the other hand, allowing employees to handle sensitive physical and virtual documents while working from home may be too complicated to oversee. This could mean that staff who handle secure information would need to be in the office more often than other employees or that a remote work environment is not possible for some roles. Though the move towards a remote workplace has been welcomed by the majority of workers, the risk of data breaches and their associated costs may be too high.
Preventing lax behaviour in the office
While 62% of respondents to the Fortinet survey said they could attribute the loss of data to working from home, this doesn’t mean that the office is a completely secure environment that needs no attention. As mentioned, business email compromise is one of the most common cyber crimes, costing $2.7bn in 2022 alone.
To prevent a more relaxed attitude towards security in the office, refresher training for all staff will ensure security is prioritized and that potential threats are identified and prevented more successfully. This training should be conducted for staff of all digital skill levels and should be integrated into their continuous personal development.
Why entrenching security is so important for all businesses
New technologies will no doubt improve the cyber resilience of businesses that continue to offer a remote work environment. However, as has always been the case, the awareness of every member of staff on how they are responsible for the security of the business is vital.
The loss of sensitive data is not only damaging in fines but also can considerably affect the reputation of the business with potential customers. Given that data security is resulting in greater losses each year, this is a pressing issue that organizations need to address if they are to continue functioning healthily.
See also the Whitaker Brothers blog.
Photo by Mark Rowe.
