Millions of workers are staying home as the fallout from COVID-19 continues to test the remote work infrastructure of businesses around the world. While it has long been an attractive benefit for employees, remote work, even under the best of circumstances, can present its own set of security challenges.
With teams now decentralized, security will be top of mind for IT departments having to increase VPN capacities, beef up safety protocols, and ensure remote teams are adhering to best practices. Here are just some of the online security risks of remote work along with tips for avoiding disaster.
What are some of the security risks of working remotely?
It may seem basic, but reliable and secure internet is not a utility readily available to all remote workers. However, working on a public network is risky. iPass reported that 62% of Wi-Fi related security incidents took place over public networks like the ones in coffee shops and cafes.
Pair that with the 61% of employees who say they've used a work device on a public network and things are looking pretty grim for a potential data breach or other security leak.
90-95% of all successful cyberattacks are phishing attacks. Phishing attacks remain, far and away, the most common method that hackers use to gain access to sensitive information. As the BBC reports, COVID-19 themed email scams are on the rise in the form of fake tax, charity, and government correspondence — and work inboxes are not immune.
Computer sharing and personal use
It may sound obvious, but sharing a work computer with family members or housemates can pose a potential security risk. This should be avoided, especially if your work product includes sensitive information about clients.
As Malwarebytes points out, using a work computer for personal activities is also risky. If possible, it’s best to have separate devices for work and personal use.
Insecure mobile devices
Many of us have at least some work product stored on our mobile devices. In their mobile threat landscape report, Wandera revealed that 57% of organizations experienced a mobile phishing incident.
How to address remote work security challenges
Accommodate the increase of remote VPN workers
Corporate VPN use is surging globally. OpenVPN licenses, for instance, can be purchased “per connected devices” fee.
But, as Ben Popper at Stack Overflow notes, “for many companies, their VPN infrastructure was not built to handle the entire organization working remotely and the need to scale quickly can prove challenging.”
Equipment and deployment may be required and, in the meantime, SC Magazine suggests working in shifts “so the VPN capability that is on hand is spread out.”
What is internet-based client management? ICBM is a way of managing clients that aren't connected to your internal network without the use of a VPN.
Keep devices patched and up-to-date
The UK’s National Cyber Security Center’s official remote work guidance encourages IT teams to “ensure staff understand the importance of keeping software (and the devices themselves) up to date, and that they know how to do this.”
Boost security awareness with mandatory training
According to Pensar, 45% of employees receive no security training from their employer.
Security training for employees can help them understand how to avoid phishing attacks and other scams. The same study concluded that security-related risks were reduced by 70% when businesses invested in cybersecurity training.
A short training course will encourage workers to remain alert and avoid risky behaviors like clicking unknown links and accidentally downloading infected documents.
Encourage good basic digital hygiene
What is good digital hygiene? It just means that you’re using common sense security measures to mitigate any potential online risks to yourself and your company. Not sharing a work computer, using a single sign-on service or password manager, and turning on two-factor authentication when you can are some ways to make data breaches far less likely.
Become proactive in risk management
Apply Murphy’s Law and assume that whatever can go wrong, will go wrong. Is there a procedure in place in case of a data breach? Does your company have policies that act as preventative measures for these scenarios? Now may not be the time to fully invest or implement a full identity management system, but you should still create the policies and action plan to help reduce risks as much as possible.
Give clear security guidance
It’s up to IT departments to determine how they will communicate security guidance to remote teams. Are employees prohibited from connecting to public networks from work devices? Spell it out. Are they barred from using certain tools and applications? Let them know. While each business will have its own protocols, one important part of this process is remaining clear and consistent in relaying this information so it is accessible to all employees, remote or not.
Use cloud software solutions for file management
Long gone are the days of carrying around USB drives with sensitive files on them — at least we hope they’re long gone. Solutions like Google Drive and Dropbox are preferred methods of file sharing and management. Plus, they integrate effortlessly with Wrike’s own cloud-based work management tools.
Why Wrike works for security-conscious teams
Wrike has gone remote, too. That’s why we understand the value of creating the best remote software — security is a big part of that.
Here’s why Wrike is the best remote work management tool for security-conscious teams:
- Enterprise-grade security with regular upgrades and patch management
- Secure file management
- Controlled admin permissions so you can decide who in your organization has access to what information
- Full control over your own encryption with Wrike Lock
To help your team smoothly transition to remote work, sign up today for your free trial of Wrike to start securely managing your work with a flexible, centralized, cloud-based collaborative solution.