The shift toward working from home, fueled by the COVID-19 pandemic, may now be reversing itself as a trend: more and more employers are forcing their workers to go back to the office for at least a few days a week. But despite how much new work patterns have shaped industries and lives in recent years, experts question whether enough has been done to fully respond to the risks of remote work.
Chintan Patel, CTO of Cisco UK and Ireland, tells ITPro that few companies are well prepared for remote risks. Cisco's Cybersecurity Readiness Index shows that only 17% of UK organizations have a mature level of preparedness to manage the security risks of this hybrid world.
But Patel recognizes that the responsibility for dealing with the problem does not rest solely with bosses: employees must share it, too. “With freedom and power also comes the responsibility to work cyber-securely,” he says. “A more relaxed environment should not mean a more relaxed approach to security, especially when it is at the expense of your business.”
Simple methods like using a VPN or password manager can pay big dividends when it comes to secure remote work. Multi-factor authentication (MFA) is another easy win to prevent malicious access, and it is always recommended to download the latest system updates.
Mark Raeburn, global leader of cyber investigations and forensic response (CIFR) at Accenture, admits that greater financial investment from the board of directors is also essential. The latest Accenture Pulse of Change survey found that six in 10 senior British leaders plan to increase spending on cybersecurity in 2024, almost double that of 2023.
“In 2024 we will see, and should see, a new injection of investment in security equipment and tools,” he says. “Even before COVID, remote work was already common and now staff constantly expect to be able to work while traveling.”
Raeburn also recognizes how “complacency breeds vulnerability” and adds: “Endpoints will always be seen as an easier target, but increasing protection and, more importantly, detection of a breach, both in the office and from home, becomes key.”
Risks of remote work: nurturing the human firewall
Absolute security is impossible, whether in the office or in a remote setting. CTOs, CIOs and CISOs can only manage and mitigate risks to what is considered an acceptable level within their own organization. Given the enormous magnitude of the problem, this is easier said than done. Tris Morgan, BT's chief security officer, points out that the telecoms giant's own teams find 46 million indicators of cyber attacks a day.
“It's very easy to fall into the trap of thinking that you may not suffer a cyberattack, either due to the nature of your job or the perceived security of the network used while working remotely,” he explains. “This is, of course, a myth.”
Morgan believes employees should view the problem as they do the security of their own home: “Just as you wouldn't leave a door or window open for intruders to take advantage of, it's equally important to prioritize good cyber hygiene practices wherever they are working.”
This extends, he says, to implementing remote access to secure networks and storing documents containing sensitive information on secure, password-protected servers, rather than on personal or company hard drives. Using personal devices such as smartphones and laptops for work presents a greater risk than using IT-provided locked equipment.
Employees who work remotely can be their own worst enemy. For example, connecting to unsecured public Wi-Fi networks in coffee shops or train stations is a big open door for hackers, while human error in failing to detect identity-fraud email scams is another.
A study by SoSafe found that three-quarters of respondents believed that the risks of remote work have contributed to the overall worsening of the threat landscape, especially as security teams lose oversight and monitoring of remote workers. It suggests that employees working remotely click on phishing emails at three times the rate of employees working from the office.
“The large-scale shift to remote work means it is more vital than ever to build and reinforce a strong 'human firewall,'” warns Dr. Niklas Hellemann, CEO of SoSafe.
Risks of remote work: replacing legacy technology
Supporting and protecting a remote workforce means having a solid security strategy, good oversight, and up-to-date systems. But Quentyn Taylor, senior director at Canon EMEA, suggests that companies “remain dangerously behind in the adoption of security technology”, often relying on outdated legacy technology with limited protection, authentication or authorization.
“Simplicity is key to good cyber defense, especially when it comes to remote work. Start by investigating your cyber footprint and understanding how an attacker views your business. Companies must be clear about which of their assets require the most protection and isolate sensitive data from other vulnerabilities.”
He also predicts: “In the hybrid work world, we will continue to see the nature of ransomware become more diversified as criminals move down the value chain to smaller companies who do not have the robust resources or cyber resilience to establish an adequate cybersecurity team or defense mechanisms.”
Other techniques to prevent remote breaches can be as simple as personally verifying any information received or actions requested, as well as always locking a device's screen with a password when it is not in use. These tips should always be part of company-wide educational programs, experts advise.
Lewis West, cyber security director at Hamilton Barnes, one of the UK's largest specialist networks and cyber security recruitment providers, has seen an increasing number of businesses investing in this type of security training for their employees. “There is even a better understanding of less obvious dangers, such as employees sharing photos of their work screen on social media that accidentally include sensitive company details,” he adds.
If a violation occurs due to remote work, the legal consequences for both employer and employee are complicated. Andrew Whiteaker, head of employment at law firm Boyes Turner, explains that this will be considered “on a case-by-case basis”.
“There are situations where it may be a training issue, such as responding to a phishing email. However, where it can be demonstrated that an individual has not complied with or followed safe remote working policies, this may lead to disciplinary proceedings,” she states. “There are also cases in which culture around cyber has been affected, for example, by managers who tolerate shortcuts. Again, disciplinary action may arise when employers can demonstrate that individuals did not follow clearly outlined policies.”
As an overall move toward greater security for remote work, establishing a “single source of truth” using a critical event management system can be critical, says Keiron Holyome, vice president of UKI and Emerging Markets at BlackBerry.
“Internal communications can ensure that all employees receive alerts and instructions about a potential breach in a single action,” he explains. “This frees up IT team resources to address the issue at hand. Providing regular advice and updates ensures that employees, wherever they work, remain cyber secure and fully informed.”