Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice
  • 26 October 2023
  • 8 min read

What are the security risks of remote working?

Discover the security risks of remote working and how to prevent them. Dive into essential practices to shield your organisation from potential threats.
FAQ Series What are the security risks of remote working

During the pandemic, remote and mobile working was seen as a means to an end; to keep productivity, operations and the economy moving as offices and transport networks shut down. But, post-pandemic, remote working has stuck around and, for many organisations, is the only way they work now. This has led to a significant rise in the security risks of remote working, and it's time we address them.

To put it into context, Gartner reports that 18% of remote workers have no interest in returning to the office and 50% of all employees will continue to work remotely long after the pandemic. Office of National Statistics (ONS) data for the period between September 2022 and January 2023 reveals 44% of UK workers classified as home or hybrid workers.

However, this shift towards remote work brings a multitude of cyber security risks that organisations and employees should be vigilant about. In fact, since the beginning of the pandemic, cyberattacks on remote workers have increased by 238%.

The debate about whether remote workers pose a greater cyber security risk than their in-office counterparts continues. But, threat actors aren't picky; they exploit vulnerabilities and target unsuspecting employees, regardless of their location. Statista reports that 72% of organisations express significant concern over the online security risks their remote employees face.

This article delves into the critical cyber security risks of remote working and offers a comprehensive guide to the best practices for ensuring a secure remote work environment.

15 Common Cyber Security Risks of Remote Working

MalwareBytes Labs’ report reveals that 20% of organisations experienced a breach because of a remote worker, highlighting the growing concern about remote work security risks. So, what risks does remote working create?

Let us explore 15 common cyber security risks that remote workers face:

1. Phishing and Social Engineering Attacks

Remote workers are prime targets for phishing and social engineering attacks. In these scenarios, cybercriminals craft convincing emails, messages, or phone calls designed to trick employees into revealing sensitive information or downloading malicious software. The isolation of remote work can amplify the effectiveness of such tactics, as employees may not have immediate access to colleagues or IT support to verify the legitimacy of such communications.

2. Weaker Cyber Security Infrastructure

Unlike centralised office environments with robust security measures, remote work settings usually lack the same level of security infrastructure. Home networks, for instance, are typically less secure, making them susceptible to cyberattacks, including unauthorised access, data breaches, and malware infections.

3. Neglecting Essential System Updates

Failing to regularly update operating systems, software applications, and security patches can leave remote workers vulnerable to known exploits. Cybercriminals actively seek outdated systems as entry points into the corporate network.

4. DDoS Attacks Cutting Off Remote Workers

Distributed Denial of Service (DDoS) attacks can overwhelm an employee's internet connection, rendering them unable to work. With remote workers relying heavily on internet access, the impact of DDoS attacks can be especially disruptive to operations, reputations, and employee digital safety.

5. Lack of Employee Oversight

The physical absence of employees from the office can result in a lack of oversight, making it easier for employees to engage in risky online behaviour. Furthermore, security teams often struggle to monitor and enforce security policies effectively in remote work environments.

6. Unsecured Wi-Fi Networks

Remote workers often use unsecured public Wi-Fi networks or poorly protected home networks to access corporate resources. These networks can be compromised, allowing cybercriminals to intercept data or launch attacks on remote devices. This is a massive cyber concern for remote workers; so much so that the US Cybersecurity & Infrastructure Security Agency (CISA) issued a specific warning on network exploitation last year.

7. Slow Incident Response Times

In remote work settings, identifying and responding to security incidents can be delayed due to the absence of immediate physical presence. The time it takes to detect and mitigate threats can significantly impact the severity of an incident. In Velocity Smart Technology’s remote working report, it is revealed that not only has 70% of remote workers experienced IT problems during the pandemic, 54% had to wait for more than three hours for issues to be resolved. Furthermore, IBM’s Cost of a Data Breach report reveals that organisations with a remote workforce took 58 days longer to identify and contain a breach when compared to office-based organisations.

8. Expanded Attack Surface

Remote work environments expand an organisation's attack surface, as it encompasses not only the corporate network but also the various personal devices and home networks used by remote workers. Each of these becomes a potential entry point for cyber threats. Check Point’s Workforce Security Report reveals that 51% of organisations allow remote access to corporate applications via personal mobile devices, 52% allow access from personal laptops and 32% allow access via third-party devices.

9. Personal Device Risks

Bring Your Own Device (BYOD) policies, while convenient, introduce a level of risk. Employees using personal devices for work may not have the same security measures in place, and they may inadvertently expose sensitive company data to security threats. According to CISCO’s Benchmark report, organisations are finding it difficult to manage the cyber security of phones and mobile devices by remote workers.

10. Public Risks/Shoulder Surfing

Working in public places like coffee shops or airports exposes remote workers to physical risks such as line-of-sight snooping and shoulder surfing. Individuals with malicious intent might engage in spying on screens or overhearing conversations to gain unauthorised access to sensitive information.

11. Weak Passwords

Unsecure and easily guessable passwords present a considerable risk. Remote workers who use weak passwords are more vulnerable to unauthorised access and data breaches. The use of multi-factor authentication (MFA) is a critical defence against this risk.

12. Cloud Security Misconfiguration:

Misconfigurations in cloud services can expose sensitive data to unauthorised access. Remote workers who interact with cloud-based applications must understand the importance of proper configuration and access controls.

13. Webcam Hacking/Zoombombing

As remote work relies heavily on video conferencing tools, the risk of webcam hacking or "Zoombombing" is a growing concern. Attackers can access video streams and disrupt virtual meetings, leading to privacy breaches, reputational damage, and data breaches.

14. Remote Work Complacency

The isolation of remote work can sometimes cause employees to underestimate security risks. They might become complacent or ignore security best practices, potentially exposing the organisation to cyber threats. Data Basix reveals that 47% of employees cited distraction as the reason for falling for a phishing scam while working from home.

15. File-Sharing Risks

Sharing sensitive documents and files without adequate security measures can result in data leaks and breaches. Remote workers must understand the importance of secure file sharing and data encryption to mitigate this risk.

15 Best Practices for Remote Working Cyber Security

Cyberattacks worldwide surged 38% last year, and this upward trend shows no sign of slowing. Understanding cyber security best practices, especially for remote workers, becomes critically important in light of these rising threats.

Let’s explore the best practices to combat remote work security risks:

1. MFA/2FA (Multi-Factor Authentication/Two-Factor Authentication)

According to Zipdo, 50% of businesses allow remote workers to access their organisation’s IT network without any multi-factor authentication. Implement MFA/2FA across all systems and accounts. This practice provides an additional layer of security, requiring remote workers to supply multiple forms of verification (such as a password and a temporary code) before gaining access, significantly bolstering protection against unauthorised access.

2. Password Manager Usage

Encourage remote workers to use a reputable password manager. These tools generate strong, unique passwords for each account, store them securely, and automatically enter them when needed. This minimises the risk of weak passwords or password reuse and increases password security.

3. VPN Usage (Virtual Private Network)

According to Zipdo, only 43% of employees use VPNs when working remotely. Enforce the use of VPNs to create secure, encrypted connections between remote workers and company resources. This shields data from interception, especially when employees are accessing the corporate network over unsecured Wi-Fi connections.

4. Implement a Work-From-Home Security Policy

Develop a comprehensive work-from-home security policy that outlines best practices and guidelines for remote workers. Ensure that it covers security measures, acceptable device usage, and remote access procedures. Ensure that it is readily accessible.

5. Avoid Public Wi-Fi

Remind remote workers to avoid public Wi-Fi networks for sensitive work-related tasks. When public Wi-Fi is necessary, using a VPN becomes even more critical for added protection.

6. Keep Work Data on Work Devices

Encourage employees to keep a clear separation between work and personal data on their devices. This minimises the risk of individual apps or accounts compromising corporate information.

7. Block Sight Lines to Prevent Shoulder Surfing

Remote workers should arrange their workstations to prevent unauthorised individuals from viewing their screens. This is especially important when working in public places.

8. Never Leave Devices Unlocked

Stress the importance of locking devices when not in use or when stepping away from your desk/workstation. Automated locking and strong, unique passwords or biometric authentication enhance the overall security posture.

9. Run Regular Software Updates

Set up a routine for software updates, not just for operating systems but also for applications and security patches. Regularly updating devices ensure that vulnerabilities are promptly addressed. Instead of making this an employee responsibility, log software updates as mandatory for employees in calendars and via internal communication channels.

10. Be Cautious When Sharing Your Screen

Caution remote workers to be selective when sharing their screens during network calls or presentations. Always verify the content that will be displayed and limit screen sharing to what is necessary.

11. Manage Digital Footprint and Information Shared on Social Media

Employees should be educated on the potential risks of sharing personal or work-related information on social media. Oversharing can provide attackers with valuable information for social engineering attacks.

12. Webcam Cautions

Encourage the use of webcam covers or software controls to disable the camera when not in use. Webcam hacking is a real threat, and remote workers should be proactive in protecting their privacy.

13. Centralise Your Organisation's Data

Keep company data centralised in secure, cloud-based, or on-site storage systems. This eases data management and minimises the risk of data dispersion to unsecured locations.

14. Map All Remote Connections

Security teams should employ tools and practices to map and monitor all remote connections. Full visibility into remote work environments is essential for early threat detection and response.

15. Prioritise Accessible Cybersecurity Training

Unfortunately, 30% of remote workers do not get regular training from their employers and Data Basix reveals that 44% of employees receive no cyber security training on the threats of working from home. This must change. Ensure that remote workers have easy access to cyber security policies, training materials, and resources. Promote ongoing education and awareness to keep employees up to date on the latest threats and best practices.

By expanding on and rigorously implementing these best practices, organisations can create a fortified defence against the cyber security risks associated with remote work, ensuring the safety of their valuable data and operations.

Why Your Organisation Needs a Remote Security Policy

A staggering 47% of organisations now offer employees the option to work remotely full-time, and an impressive 82% permit work from home at least one day a week. Remote work is here to stay, and organisations must adapt to the evolving cybersecurity landscape.

Recent peer-reviewed studies, though on a limited control group, suggest remote workers often exhibit more robust cyber security behaviours than their on-site peers. Yet, the threat level remains high. The shift to remote work has bumped up the average data breach cost by $137,000.

By acknowledging the security risks of remote working and adopting the best practices from this article, you can boost your organisation's cyber security and protect remote workers from threats.

Developing comprehensive remote and office cyber security policies is vital in supporting the integrity and security of an organisation's data and operations in this digital age.

At The Security Company, we specialise in boosting cyber awareness and tackling issues such as remote work security risks through transformative human behaviour strategies. Through our tailored subscription services, targeted and customised eLearning and awareness materials and our behavioural assessments, we're committed to helping organisations like yours instil long-term, security-conscious behaviours.

Our method is distinct. We begin by diving deep into your team's current mindset, pinpointing lax behaviours, security gaps and departments in need of focus and attention. From there, we craft tailored solutions that encourage better cyber practices from your employees. With comprehensive training and seamless integration into your current systems, we're here to fortify your team against modern cyber threats and be your trusted cyber security and awareness partner.

Ready to take the next step?

We can help you to formulate an effective and comprehensive cyber security training and awareness program for your organisation.

Do not hesitate to contact us for further information.

Written by
Nas Ali
Cyber security and awareness content creator focused on emerging threats and the next wave of cyber security risks like AI, deepfakes and tech 4.0 initiatives in order to build towards a more secure organisational culture.
View Profile

See how we can help you protect your organisation today?

Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice