With over 30% of the global workforce continuing to work from home in 2024 and a preference for hybrid returns to the office, it seems the great remote work experiment has gone swimmingly.
No need for any type of cyber security audit checklist or cyber security assessment. However, as with any good thing, sometimes we can get lulled into a false sense of “cyber” security.
A cyberattack leaked confidential information, or failed data could end up costing your business millions.
Part-time remote work will be the norm for many companies for the foreseeable future. Now’s the time to consider your organization’s and your own strategies and where they may be lacking.
The key is to implement strong safety measures that don’t take away from the flexibility of working from home.
It is relatively common knowledge that home connections are less secure than the wifi network at the office. Not many people have invested in a pentagon-grade system for their living room.
As a result, cybercriminals can walk into any company network if they target the right person. Even worse is that most remote teams rely on cloud tools for collaboration and productivity but don’t realize they are using the bare minimum of default settings.
Who actually reads those app updates about the changes in preferences?
It was so much easier to lean over in the office and ask your coworker if they saw that weird email from the boss that was asking for their phone number or to click on the link. When working from home, phishing is usually an afterthought.
So, asking the @ or IT channels (if you have them) on Slack or Microsoft Teams about that strange message is probably out of the question for less tech-savvy workers.
Then before you know it, someone rushing to get their tasks done for the day leaves the whole organization exposed. Lastly, let's say that someone gets hacked and hit with asking for 1 million dollars in Bitcoin.
Their connection to the company will be blocked, and as they panic, they won’t know where to get help from the right experts and authorities. Trust is also lower in a remote setting, so if it happens to a new employee; they might keep quiet, thinking that it was their fault.
Last year, when many large organizations sent their workers home, they did a analysis and saw many of these holes in their IT infrastructure. As a result, around 70 percent of major organizations increased their budgets.
What were some of the most common gaps they discovered with having a distributed workforce?
Many workers in the United States were using their home computers that likely were older than their work laptops and did not have the latest software.
A majority of new remote employees access company networks insecurely. This means they were logging in from their personal IP address without a VPN, so it would have been easy to hack and track their movements.
This tends to be an afterthought in many households with easy-to-remember passwords and multiple devices connected. This increases the number of opportunities that a hacker has to attack.
Remote workers have the flexibility to work from anywhere, but that always means that they could be logging in hours from unsecured networks. In a recent survey among remote employees, 37 percent said they connect from coffee shops/restaurants, while 27 percent said they worked from someone else’s home.
Employees using company laptops may also open themselves up to by using unapproved apps. These apps can be easily hacked or come with malicious software that can infect a laptop without the employee even realizing it.
In a recent survey by Igloo software, two-thirds of remote workers said their employees didn’t encourage password resets, using multiple passwords or a password manager tool. They also didn’t provide regular training. Even worse, less than a quarter manage confidential data with encrypted files and folders.
So, now that we know the most common risks for remote work, you should understand how parts of your network might be lacking the ability to prevent, defend and detect threats.
Below, we have created a checklist to consider how up-to-date your infrastructure is while working in a distributed environment. We split it into three key areas that are part of a successful .
The first place you should look seems reasonably straightforward - your password protection. Workforces continue to grow across distributed companies, and each new employee needs their own set of passwords or codes.
Even industries that have been reluctant to allow full-time remote work have digitized their systems and require company-wide logins.
Unfortunately, according to an international study by Sailpoint one in four respondents shared work passwords with a 3rd party, partner, roommate, or friend.
Adding insult to injury, over half of the total U.S. respondents did not change their work passwords in the last six months, and 32% didn’t change them in 12 months or longer.
We are talking about multiple parties in a distributed team who could be using the same eight letter password from 2019 to access company drives.
If any of these employees are using an unsecured IP address or working off of public wifi, they could easily be hacked, and now that password is being sold on the dark web.
Here are some of the areas you should take into consideration when analyzing your password practices and your cybersecurity audit:
The next step is taking a look at how you are defending yourself internally from threats. Technology has enabled remote work to be successful during a global pandemic, but it has also allowed bad actors to create new hacking threats.
Not one particular solution will solve all your needs. It is a problem that is constantly evolving without any particular endpoints. The more companies become distributed and hybrid, the greater the “attack surface” of your company gets.
Not to mention hacking parties can now range from governments to employees. The natural gas pipeline recently hacked by an anonymous group was not an isolated incident, and there will be more attacks on crucial supply chains.
Senior management needs to develop corporate skills and capabilities to be ready for any possible scenario. Much of this prevention can be done by consolidating your sensitive information and ensuring your data .
Ask your team these IT security audit questions:
Do you house all your important information on secure cloud services such as Microsoft One Drive, Amazon Web Services, Google Drive, or Dropbox?
Do you ensure compliance with privacy regulations?
It may sound cynical, but the most prominent kink in an organization’s armor is usually the employees themselves. Human error is one of the main reasons why a might happen.
However, your employees can also be your greatest asset in detecting threats. With the proper yearly training, you can keep everyone in the loop about the latest tactics by hackers and make reporting a common practice.
Your employees will be able to spot phishing emails easily, and you can empower your IT to run monthly monitoring and maintenance. This also means moving beyond the previous IT infrastructure and investing in solutions that will support future operations.
IT teams should look for platforms that incorporate capabilities like project predictions, task prioritization, and tagging. There are even options to utilize AI to provide recommendations and detection that streamline operations.
In a study conducted by Beyond Identity, they discovered that the top concerns about remote work among IT professionals were:
This concern certainly speaks to the survey by Sailpoint that found 1 in 3 U.S. employees use their own computer and smartphone for remote work, while only 17% use a computer and smartphone owned by their employer.
In EMEA and ANZ, half of the employees surveyed worked remotely with their employer's technology.
With such a global divide and a variety of remote working situations, there needs to be a comprehensive solution that considers the different realities of distributed work.
It can be difficult trying to regulate all of the personal devices of your international employees, checking to see if everyone has installed software manually and is using a secure network to work.
However, there is the option to send them devices or update their current ones with all the protection and IT management already installed.
A global device distribution service like GroWrk can send state-of-the-art laptops with , hardware-based VPNs, and software pre-installed to 150+ countries.
Suppose you are onboarding new employees or are doing an IT infrastructure overhaul. In that case, their intuitive dashboard makes it easy to manage all your devices in your inventory, order new ones, or pick them up when an employee leaves.
If there ever is an issue or breach, there is 24/7 help desk support. The software also makes it easy to roll out patches and ensure data without waiting for employees to install. It’s like having an IT closet in the cloud.
You can rest easy knowing that employees are working securely and then bolster their knowledge with relevant tips, best password practices, and detection strategies.
As the way we work continues to evolve, so do our strategies for protecting what we are building. should not be an afterthought for any organization that incorporates remote or hybrid work.
Organizations need to make a conscious effort to keep their employees informed, their devices and information protected, and give their IT departments the ability to detect threats or in defenses.
The topic may be met with a collective groan by some people, or there can be concerns that added protocols might slow growth. However, it is just another step in the development of remote work. A will hinder progress much more extensively than any IT training.
Let GroWrk help you make the transition to secure work-from-home policies.
Discover the platform that will get your distributed team everything they need to be successful. From laptops to standing desks, from the U.S to any location in the world.