Cybersecurity in Remote Work: Can it Decrease Security Risks?
Imagine working from your laptop with the ocean waves crashing nearby or the sound of seagulls in the distance. Remote work has enabled work from anywhere with a stable internet connection. However, it’s safe to ask: can remote work decrease security risks?
Working from the airport or at a nearby cafe can be comfortable for remote workers. However, using public hotspots and unsecured networks can have serious side effects if they don’t take the necessary precautions.
When traveling the world or simply enjoying the flexibility of remote work outside your usual home office, it’s crucial to consider how to protect your data.
We spoke with Andrew Williams, founder of Remote Tribe, to share his thoughts on the cybersecurity risks associated with remote work and how companies and workers can mitigate them.
Andrew launched the Remote Tribe blog in 2019 to help people become digital nomads and find their work-life balance while traveling the world. He has an extensive SEO and content marketing background with over ten years of experience in the industry. He recently launched the Remote Tribe Circles initiative to connect digital nomads.
Remote Work and Cybersecurity
As someone who has been a remote worker for almost a decade and a half of that time as an entrepreneur, Andrew is keenly aware of the importance of proper cybersecurity measures.
When asked if remote work increases or decreases the risks of cyber attacks and security breaches, Andrew said:
“I think, overall, it definitely increases it. Most people who work remotely or most business owners would say that's a big fear they have.”
It’s not an unfounded fear. A recent report showed that 20% of organizations experienced a data breach due to a remote worker. This then resulted in unexpected expenses in addressing the issue.
For Andrew, the main reason why remote workers are vulnerable to attacks is accessing unsecured networks. He explains that when you “work from different WiFi hotspots, you’re open to many breaches because they're not secure networks, and people can sneak in.”
“If you're unlucky to be near a good hacker, they can sneak into your laptop and your company's folders, files, and security system. As a digital nomad or remote worker, you are exposed. You and your company have to be very careful when doing that.”
Nobody wants to spend thousands of extra dollars on something that could have been avoided. Companies must pay close attention to creating policies or using the necessary tools to provide safety for remote employees.
Ensuring Cybersecurity for Remote Workers
From Andrew’s perspective, there are three basic things to consider to ensure remote workers’ cybersecurity: a strong policy, a virtual environment, and a VPN.
“First and foremost, if a company has a remote culture, it should also have a remote working security policy written in stone. Employees should be referred to that during their onboarding process.”
“Second, remote employees should have a virtual desktop environment that works independently from their local machine. If the local machine gets attacked, the hackers can't enter the virtual desktop environment. They're two different environments.”
“Third, a VPN is recommended when you're working from your laptop and you’re next to a hotspot that is not locked. Even if [the network] is locked and has a password, you should still use it, and the company should pay for that.”
He adds that employees should always use two-factor authentication for extra safety. Not to mention, firewalls, antivirus, and anti-malware software should also be offered to remote employees by default when they join a company.
An excellent place to start is by having a cybersecurity audit checklist specifically for remote workers where you can determine what areas need attention and identify steps to address them.
Unique Cybersecurity Challenges for Remote Workers
Preventive measures work. For Andrew it means that in his eight years of working remotely, he has never experienced a cybersecurity challenge.
“I was lucky enough because I protected myself. I've got a VPN, and I've got antivirus and malware protection, and I was working on virtual environments when I was employed.”
However, many theft-related challenges include identity, password, and account theft. He warns us that data is at risk without any measures:
“Ultimately, anything in your computer is exposed if you don't protect yourself. Your whole digital identity and storage can be stolen and used as well. So be very careful. For example, they're selling email accounts with passwords on the dark web. It's pretty serious.”
Securing Remote Work: Best Practices for Companies and Workers
Equipping remote workers can differ depending on an organization’s needs. Some prefer to provide company-owned equipment, while others opt for a Bring Your Own Device strategy.
In terms of cybersecurity, Andrew says both strategies can work depending on each company's measures to protect and secure its data and the culture under which it operates.
“In my opinion, both options could work,” he explains. “If they send you or give you an unlocked machine, but they give you a virtual environment, that's a pretty safe combination. I'm pretty sure they're minuses there as well. But that sounds to me like a good combo.”
“The other option is that they give you a completely locked machine, but then you go into the sphere of bureaucracy where you have to talk to IT to unlock some of the applications you need, and you have to justify that.”
“I think both can work, depending on the company's strategy. Companies should consider both options. They should make the call depending on their security levels and how they work and their culture.”
In both cases, however, policies must be drafted and implemented to ensure everyone operates under the same security assumptions. Protecting sensitive information and data should be at the core of these policies.
Although policies are fundamental in cybersecurity, they might sometimes be insufficient. Andrew believes that companies should take stern steps to ensure they are followed.
“You can say policy here and policy there, but people might ignore that. Being out of the office, it's very easy to ignore that. I think companies should somehow enforce that. There should be a level of grip from the companies because it's serious stuff.”
“Maybe some of the applications should be locked, some ports should be locked, and maybe you shouldn't be able to use some apps by default. And I think that's okay, but there is also a limit to that.”
Tools for a Safe Remote Work Environment
Regarding the tools that can guarantee a safe remote work environment, Andrew has a few favorites.
“I've been using One Password, for example, for all the passwords, so I don't have to type them in manually. They're already encrypted, so whenever you access one point from your Chrome extension, it's going to, by default, write it down in the password field, which is great.”
“I'm using Bitdefender for VPN and anti-malware. 2FA on most of my online applications in the browser in Chrome, for example, and I think that's it. For now, as an entrepreneur, I'm really flexible and a solopreneur, so I know what I'm doing.”
How To Address Cybersecurity When Going Remote
When the pandemic started at the beginning of 2020, companies and employees had to react quickly to work-from-home mandates.
Organizations worldwide had to implement almost overnight a way to transition from in-person operations to entirely distributed teams effectively.
There might be resistance from on-site enthusiasts to adopt fully distributed teams, but we’ve already seen it works. Although its implementation had many initial challenges, the biggest lesson was that remote operations could actually work and benefit businesses.
For Andrew, the best way to transition towards a remote team is by following in the experts' footsteps. He shares that companies can learn from the remote policies of companies like GitLab, Hotjar, and Buffer, which have been remote for years.
“I would suggest looking at companies already doing that, even big companies. Remember, during COVID, we had millions of people working from home. Banks, investment funds, and big ECON businesses all had employees at home, so they already have remote policies in place.”
“Maybe companies should be studying that. How financial and telecom companies do it, because these are big companies. They have a huge sum to protect and manage. So they took that very seriously. I think that's a good way to start and analyze their remote policies. Also, look at small companies that are more agile and see how they do it.”
Although cybersecurity poses challenging situations for companies, it’s not enough reason not to take advantage of remote work and its benefits
Andrew suggests that the best way to stay protected is to keep your guard up and stay updated with the latest threats, trends, and software.
“There is that saying: ‘With great powers comes great responsibility.’ So the great power, in this case, is remote work and working from wherever. However, it does require a level of maturity and discipline. People should be educated about that, showing the risks every time, and having training about the risk that you get and the liability you get with working remotely because, in the end, it's a big responsibility. You represent the company, and any breach can surface a lot of sensitive data.”
“Companies get fined by the government. I know in the financial sector. I've worked for a few years there, and it's very well regulated.”
“There are big fines for data breaches. They've got DPOs –data protection officers– that keep an eye on people all the time and the way they work with data. Again, that comes with a lot of responsibility. There are a lot of consequences to that.”
The rise of remote work has brought about new cybersecurity challenges for companies and employees. As more people work from different locations and devices, the risk of cyber-attacks and data breaches increases.
However, implementing policies and tools for managing remote employees’ computer use and communications can protect companies from cybercriminals.
By working together, companies and employees can ensure that remote work remains safe and secure in the face of ever-evolving cybersecurity threats.
GroWrk can help your organization go remote by streamlining the procurement, deployment, and management of IT devices required by globally distributed teams.
Our IT asset management solution can help you scale your remote workforce worldwide while staying compliant and keeping your data safe. If you’re interested to learn more, give us a call today.