South Africa, Feb 20, 2024
Remote work was introduced during the COVID-19 pandemic and has since become a regular feature of the modern workplace. As with all new developments in business, there are advantages, but also risks associated with remote work. Companies have seen new cybersecurity threats entering the threat landscape as employees began working offsite.
It is important to be aware of and put measures in place to combat these cybersecurity threats. There are many threats, and our list below will give you some idea of the serious risks facing your organisation.
Phishing
According to the United States’ Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyber attacks begin with some form of phishing.
Phishing can take many forms including Spear Phishing, Vishing, and Smishing. They all share a common tactic of fooling their victims and using psychological manipulation.
Phishing is an insidious problem as it can bypass many of the cybersecurity protection measures that companies put in place. Through clever use of social engineering, phishing attacks can access company networks, servers, and sensitive files by using company employees as a way into the system. Malicious links, infected files, and spyware all give cybercriminals access to sensitive information and more potential targets.
Remote work employees are often at greater risk of phishing as they often make use of public networks outside of the company’s security environment. Cybercriminals can scope out their victims much easier if they move around in public instead of accessing company documents in a secure area.
Risky WIFI networks
Companies often have little control over which networks their remote employees access during their workday. Venues such as coffee shops and airport lounges may have compromised WIFI networks or have cybercriminals who use such venues as their preferred “hunting grounds”.
Data insecurity
If companies have outdated or insecure data systems, then remote work employees may inadvertently endanger company information simply through their daily administrative activities. Remote work policies that allow employees to store sensitive company data on 3rd party devices such as flash drives or external hard drives, also expose the system to serious threats.
Weak endpoint security
Companies often allow employees to use their own laptops or tablets for work purposes. This poses a serious cybersecurity threat as these devices often do not have reliable or sufficient security measures in place.
Weak firewalls, outdated antivirus software, and a lack of proper encryption mean that remote work employees are at risk of being victims of malware, viruses, or data breaches.
Credential theft
A general lack of cybersecurity protection may also expose remote workers to keyloggers or malware aimed at stealing company credentials or login information as employees type on their devices.
Lack of physical security
This point may seem out of place on a list such as this, but old-fashioned theft still presents a serious cybersecurity vulnerability for companies. If devices such as laptops are stolen, any sensitive company data on those devices will be at the mercy of the thief. The data would then either be sold or used to target the company in further cybercrime attacks.
Internal security threats
An often overlooked cybersecurity threat associated with remote work is that of disgruntled employees or bad actors.
An employee who wishes to harm the company may purposefully engage in risky online behaviour that may endanger the company’s information or systems. The decentralised nature of remote work makes it difficult to spot the interpersonal warning signs associated with vengeful employees.
Unauthorised applications
Remote work employees might use unauthorised, outdated, or insecure applications in the course of their work. These applications are difficult to monitor and may even have fundamental security vulnerabilities in their programming. A lack of visibility and control over these applications makes it difficult to spot threats, but also hinders efforts to resolve any breaches.
Poor network visibility
Many cybersecurity threats can enter and remain hidden in company networks due to poor network intelligence and visibility. Many companies often have large volumes of duplicated data and poor information classification procedures. This allows threats to enter the network and do a lot of damage before the company’s IT security teams can respond.
Compliance risks
Remote work can introduce compliance challenges, especially for industries with strict regulatory requirements such as healthcare or finance. Ensuring remote work arrangements comply with industry standards and regulations while maintaining security standards can be complex and requires careful planning and implementation.
Remote work is here to stay, but greater oversight and stricter cybersecurity measures are needed to safeguard company data and information.
Employers should consider education and awareness training for employees, regular security assessments and audits of remote work setups, collaboration with third-party vendors to ensure their security practices align with organisational standards, and continuous monitoring and adaptation of security measures to guard against emerging threats.
Need some help with your IT security?
Logicalis is a certified MSSP (Managed Security Services Provider) and can help you determine the strength of your security posture and protect against internal and external cybersecurity threats.
Contact us for a security assessment, SOC services, or Deep Observability network visibility capabilities.