Key Points: 

• Since the pandemic, the rise of remote working has seen employees enjoy a better work/life balance and the freedom to work from wherever they want. 
• While companies have reaped the benefits of reduced overheads, remote working has raised the issue of new cybersecurity risks and threats that could wreak havoc on their businesses.
• Inadequate data security in remote work scenarios can result in data breaches, where hackers can exploit vulnerabilities, jeopardising data confidentiality. Such breaches can have severe consequences, including ransomware attacks and reputational damage.
• To address these challenges, businesses can create comprehensive data security policies, provide ongoing security awareness training, implement VPNs for secure data transmission, make Multi-Factor Authentication (MFA) compulsory, and encourage the use of password managers.

As data breaches continue to rise, with 41.9 million records compromised globally in March 2023 alone, it’s imperative that security teams are prepared for remote working and the new threats it can bring.

What are the data security risks for remote working? 

There are a few data security risks when it comes to remote working: 

1) Missed communications

Working from home, without the camaraderie of the office, employees may find themselves working in silos. It’s easy enough to let everyone know about a potential phishing attack when everyone is in one place, but by the time you can get the right communications out to people who are working alone, it may be too late. 

2) Shadow IT issues

Security teams also may not have full visibility over how employees are using sensitive data, where it’s being stored, and whether the data is being deleted after use. This lack of control over sensitive data can result in confidential information sprawled across plenty of SaaS apps like Slack, Google Drive, and Jira.

3) Employees leaving their devices open in public places

Remote working may not mean working from home. Your employees could be working from coffee shops, co-working spaces, or anywhere else they can get a wi-fi connection. The issue you may have here revolves more around privacy. 

Are your employees leaving their laptops unattended to go and grab a coffee or are they having private discussions in a public space? You should let them know what the company expects from a privacy and security perspective when they’re working away from home or the office. 

4) Unsecured networks

Employees working from public places may connect to unsecured wi-fi networks, which can increase the risk of data being intercepted by unauthorised users. Data intercepted between your employee’s device and the company network could be gold dust for a hacker. Man in the middle attacks, for instance, could be enabled by remote working, especially if your employees are relying on unsecured connections to complete their work. 

5) Endpoint security

Remote employees may be using their own devices or unsecured company devices that can become compromised if they are not properly protected. Data stored on unsecured devices can be more susceptible to theft or unauthorised users accessing sensitive files.

7) Compliance problems

Security teams will need to ensure they are complying with industry regulations such as HIPAA, GDPR, or PCI DSS, despite remote working arrangements. This can be difficult as employees may be able to share information more freely than they could in an office, breaching compliance requirements.

How can these security risks impact a business?

Without true visibility over your sensitive data, businesses are more at risk of data being leaked or breached. For instance, if a hacker got into one employee’s Google Workspace account, they may find a treasure trove of data that they can hold to ransom or sell on to others. 

It’s far too easy for data to get into the wrong hands if employees aren’t fully aware of security policies, and get into bad habits when it comes to handling sensitive information. 

Ben van Enckevort, CTO at Metomic, says:

“In 2024, organisations should be moving away from securing the perimeter, and instead focusing on their data. As data becomes a currency in itself, companies should be lining up a data-centric approach that helps them understand where data lives and how it’s stored. Not only can it help them comply with regulations, it will also enhance their ability to detect and respond to threats effectively."

Office v remote working: What are the unique challenges for security teams? 

Security teams will face a multitude of challenges when it comes to remote working, such as: 

1. A lack of control over devices 

Whereas company laptops were once handed out in the office, perfectly prepped by the security team beforehand, more employees are now using their own personal devices or having devices delivered directly to them. Without the correct software installed, security teams must rely on employees to put their own safeguards in place - no easy challenge. 

As people work from their own homes using their own wi-fi connections, the safety net of the company’s firewall has also been removed, exposing them to risks they otherwise wouldn’t have had to face. 

2. Employees falling victim to phishing attacks 

Without the regular contact of security professionals and colleagues who can help verify whether something is legitimate or not, it can be easier for employees to be tricked into sharing sensitive data or downloading malware. 

Security teams will have to work hard to ensure their employees correctly identify a phishing scam and won’t automatically assume it’s their real boss asking for personal information. 

3. Difficulty monitoring remote workers 

Unless you have the right capabilities in place, it can be hard to monitor what employees are doing and whether they’re following protocol. For example, are they putting off essential updates that you could walk them through if you were in the office together? 

Remote workers will need to be trusted to follow security procedures correctly. 

4. More cloud-based data 

Unsecured cloud services can be a sitting duck for data breaches. With lots of different devices accessing the same information via lots of different devices, it can be all too easy to allow someone to access your cloud-based data by accident. 

It’s key for security professionals to have the right authentication processes in place to keep bad actors out of the equation.

How can organisations ensure security is being adhered to and managed effectively? 

There are a few ways security teams can ensure their employees are adhering to their policies: 

1. Create a comprehensive data security policy

Devising a data security policy that outlines the tools to be used and procedures you’ll have in place to protect your data means you can get everyone on the same page. For instance, outline your retention policies and whether you have automatic redactions in place so employees know what to expect. 

You should also provide resources that outline the policy clearly so employees can find the information they’re looking for quickly and easily. 

2. Provide regular security awareness training 

Annual security awareness training isn’t enough to give employees a good idea of what they should be doing to secure their sensitive data. 

Instead, try continuous training to educate employees (such as real-time employee notifications) that help them see security policies in action, and in the context of their role. 

3. Use VPNs to secure your connection 

Rather than run the risk of data being transmitted via unsecured networks, use VPNs (Virtual Private Networks) to secure your data by encrypting it while it’s in transmission. Having these in place will add an extra layer of security when it comes to your employees working from home. 

4. Make MFA (Multi Factor Authentication) compulsory

Multi Factor Authentication means you’re not just relying on passwords when it comes to logging in, making it more difficult for hackers to get in and see your sensitive data. 

If it’s not already compulsory in your business, it’s a good idea to put this in place so that if your employees are using weak passwords, you can have peace of mind knowing there’s an additional layer of security to get through. 

Speaking of weak passwords…

5. Use password managers 

65% of employees ‘just remember’ their password, showing that the password is likely something they’ve used across multiple platforms and is easy to recall. These passwords are typically weak as they are shorter and using real words. After all, who’s going to remember a random 16 character string of figures and numbers off the top of their heads?

Password managers can help encourage good habits, storing complex and unique passwords for many different platforms. 

Where to get started with data security for remote working 

You should look for a great data security platform like Metomic that suits your needs and business. With real-time employee notifications, automatic redactions and retention policies, as well as full visibility over your SaaS stack, Metomic can help you detect and protect your most sensitive data. 

To see the impact Metomic can have in your workspace, take a look at our recent case study with TravelPerk.