Since the pandemic, the rise of remote working has seen employees enjoy a better work/life balance and the freedom to work from wherever they want.
But while companies have reaped the benefits of reduced overheads, remote working has raised the issue of new cybersecurity threats that could wreak havoc on their businesses.
As data breaches continue to rise, with 41.9 million records compromised globally in March 2023 alone, it’s imperative that security teams are prepared for remote working and the new threats it can bring.
Working from home, without the camaraderie of the office, employees may find themselves working in silos. It’s easy enough to let everyone know about a potential phishing attack when everyone is in one place, but by the time you can get the right communications out to people who are working alone, it may be too late.
Security teams also may not have full visibility over how employees are using sensitive data, where it’s being stored, and whether the data is being deleted after use. This lack of control over sensitive data can result in confidential information being sprawled across many SaaS apps like Slack, Google Drive, and Jira.
Without true visibility over your sensitive data, businesses are more at risk of data being leaked or breached. For instance, if a hacker got into one employee’s Google Workspace account, they may find a treasure trove of data that they can hold to ransom or sell on to others.
It’s far too easy for data to get into the wrong hands if employees aren’t fully aware of security policies, and get into bad habits when it comes to handling sensitive information.
Sheree Lim, Head of Product at Metomic, says, “In 2023, organisations should be moving away from securing the perimeter, and instead focusing on their data. As data becomes a currency in itself, companies should be lining up a data-centric approach that helps them understand where data lives and how it’s stored. Not only can it help them comply with regulations, it will also enhance their ability to detect and respond to threats effectively.”
Security teams will face a multitude of challenges when it comes to remote working, such as:
Whereas company laptops were once handed out in the office, perfectly prepped by the security team beforehand, more employees are now using their own personal devices or having devices delivered directly to them. Without the correct software installed, security teams must rely on employees to put their own safeguards in place - no easy challenge.
As people work from their own homes using their own wi-fi connections, the safety net of the company’s firewall has also been removed, exposing them to risks they otherwise wouldn’t have had to face.
Without regular contact with security professionals and colleagues who can help verify whether something is legitimate or not, it can be easier for employees to be tricked into sharing sensitive data or downloading malware.
Security teams will have to work hard to ensure their employees correctly identify a phishing scam and won’t automatically assume it’s their real boss asking for personal information.
Unless you have the right capabilities in place, it can be hard to monitor what employees are doing and whether they’re following protocol. For example, are they putting off essential updates that you could walk them through if you were in the office together?
Remote workers will need to be trusted to follow security procedures correctly.
Unsecured cloud services can be a sitting duck for data breaches. With lots of different devices accessing the same information, it can be all too easy to allow someone to access your cloud-based data by accident.
It’s key for security professionals to have the right authentication processes in place to keep bad actors out of the equation.
Data intercepted between your employee’s device and the company network could be precious gold for a hacker. Man-in-the-middle attacks could be made easier by remote working, especially if your employees are relying on unsecured connections to complete their work.
Without a security team in the office to monitor what people are downloading, employees could be using unauthorised programs that pose a risk to the business. It’s easy and free to download so many different apps nowadays and security teams will need to be on the lookout for those that go against their policies.
Remote working may not mean working from home. Your employees could be working from coffee shops, co-working spaces, or anywhere else they can get a wi-fi connection. The issue you may have here revolves more around privacy.
Are your employees leaving their laptops unattended to go and grab a coffee or are they having private discussions in a public space? You should let them know what the company expects from a privacy and security perspective when they’re working away from home or the office.
There are a few ways security teams can ensure their employees are adhering to their policies:
Devising a data security policy that outlines the tools to be used and procedures you’ll have in place to protect your data means you can get everyone on the same page. For instance, outline your retention policies and whether you have automatic redactions in place so employees know what to expect.
You should also provide resources that outline the policy clearly so employees can find the information they’re looking for quickly and easily.
Annual security awareness training isn’t enough to give employees a good idea of what they should be doing to secure their sensitive data.
Instead, try continuous training (such as real-time employee notifications) that helps them see security policies in action, and in the context of their role.
Rather than run the risk of data being transmitted via unsecured networks, use VPNs (Virtual Private Networks) to secure your data by encrypting it while it’s in transmission. Having these in place will add an extra layer of security when it comes to your employees working from home.
Multi-factor authentication means you’re not just relying on passwords when it comes to logging in, making it more difficult for hackers to get in and see your sensitive data.
If it’s not already compulsory in your business, it’s a good idea to put this in place so that if your employees are using weak passwords, you can have peace of mind knowing there’s an additional layer of security to get through.
Speaking of weak passwords…
65% of employees ‘just remember’ their password, showing that the password is likely something they’ve used across multiple platforms and is easy to recall. These passwords are typically weak as they are shorter and use real words. After all, who’s going to remember a random 16-character string of figures and numbers off the top of their head?
Password managers can help encourage good habits, storing complex and unique passwords for many different platforms.
You should look for a great data security tool like Metomic that suits your needs and business. With real-time employee notifications, automatic redactions and retention policies, as well as full visibility over your SaaS stack, Metomic can help you detect and protect your most sensitive data.
To see the impact Metomic can have in your workspace, take a look at our recent case study with TravelPerk.