Remote working is finally becoming mainstream, with around 70% of people working remotely at least once per week.
This represents a huge change in the culture of global businesses, and that’s great. But it also means that companies are grappling with totally new security risks.
So, what kind of threats should you be worried about if you rely on remote working? This is literally a million dollar question for businesses across the world – and there are some hazards to take into account. Let’s deal with them one by one.
1. Vulnerable public wifi networks
If a large chunk of your workforce needs to work remotely, there’s a very good chance they rely on unsecured public wifi much of the time. When you’re out on the road visiting industrial sites or clients, coffee shops, gas stations, or transport hubs all offer easy to use, convenient internet connections. But they also present huge risks.
Public wifi networks are rarely protected by technologies like VPNs. This means that their routers can be hijacked, giving hackers the ability to see every packet of data sent over the network. And hackers can target individual users via packet sniffing software. That way, they can interpose themselves between remote workers and routers without anyone noticing.
These reasons make it advisable to control how your staff uses public wifi. You don’t need to prevent access entirely – that’s not feasible. But staff need to know how to use VPNs of their own, and how to identify suspicious networks.
It makes sense to introduce a strong VPN and a broader cybersecurity concept for workers to implement when using wifi. Draw up a set of requirements, including switching on VPN coverage, using strong passwords, and updating antivirus software.
Most of the VPN review sites recommend the best VPN services concerning security and features. Haven’t heard about them? Please visit VPNpro to read a review about one of them.
And regularly check that staff are implementing these measures. The consequences can be dire, and it only takes one lapse. So be vigilant and invest in staff training.
2. Hardware theft
When workers are constantly moving from location to location, there’s inevitably going to be a heightened risk of theft or loss of key hardware. So you’ll need to budget for some replacement costs right off the bat. That’s just a basic cost of providing workers with the flexibility for working remotely.
But don’t stop there. Hardware theft also poses huge security risks for companies which rely heavily on remote workers.
This applies even if you use secure encryption on all work laptops. Data thieves can access all sorts of crucial information via cold boot attacks, including the keys used to encrypt machines.
This makes it essential to minimize the risk of theft, but companies need to go further. It’s vital to put in place protocols to implement when laptops are stolen. For instance, staff credentials need to be revoked and changed immediately, before thieves are able to break into your network.
It’s also important to teach staff to shut down laptops thoroughly – not just leaving them in hibernation mode. Cold boot attacks are much more dangerous if data remains in the machine’s RAM, and shutting down is the only reliable way to clear the memory.
3. Shoulder surfing
Sometimes, security threats are so old-school that companies totally forget about them, until it’s too late. That often applies to shoulder surfing – the act of directly spying on workers to find out about their browsing habits, passwords, and other data.
Skilled criminals can tell a huge amount about how users type, and what can be seen on their screens. And they can also use sophisticated viewing equipment to get a better view of their targets. If targets leave receipts lying around after working in a store, shoulder surfers will pick them up. And they will do whatever it takes to use the information they learn.
It doesn’t take a huge amount of information to build up profiles used by phishers in social engineering scams. And in some cases, it can be used to fool administrative staff into resetting staff passwords. So shoulder surfing is a serious threat.
There’s not much staff can do about it, either. All you can do is educate them about the need to shield their keyboard and screen from view when carrying out sensitive tasks, and to be very careful about the data trail they leave behind.
4. Simple human error
Above all, companies whose employees regularly work outside the office need to be aware of the frailties of human nature. Remote workers make mistakes. They talk about their password with friends, they leave computers unattended, and they fail to log out of intranets properly.
Businesses can’t change human nature, and they can’t expect flawless behavior. But what they can do is create the conditions for effective, safe remote working.
This means having clear codes of conduct about what it means to work safely. Document how staff should manage confidential passwords; inform them about the risks of being cavalier with data; set out clear penalties for breaching security guidelines, and organize refresher sessions every year to make sure your security practices are being internalized.
Alongside using a good VPN, being aware of the risks of public wifi, and the dangers of shoulder surfing, this should make remote working much safer. That way, you can capitalize on the benefits of flexible working, without tearing your hair out with worry.