A recent report by the Office for National Statistics shows that 16 percent of the UK workforce works exclusively remotely. Hybrid work is also on the rise, with around 40 percent of people working from home at least once a week. In 2019, that number was just 12 percent, Swede Adeyanju, CEO of cyber company RiverSafe, wrote in the photo.
This rise in telecommuting brings many benefits to employees: more freedom, less commuting and no more ironing shirts for the office. But it also greatly increases your vulnerability to cybersecurity threats.
More devices are accessed by more networks, creating a huge number of additional endpoints to protect. Add to this the proliferation of SaaS solutions for serving distributed users and new communication tools such as video conferencing software, and those who work remotely become even more vulnerable to cyberattacks.
Even physical isolation from peers can cause us to let our guard down, especially since we tend to feel safer at home. Plus, good cybersecurity habits tend to be out of sight, out of mind when not under the watchful eye of our IT colleagues.
Cybercriminals have moved quickly to exploit this growing attack vector, with social engineering attacks such as phishing emails on the rise. Many even use AI tools like voice dubbing to impersonate authority figures and manipulate users into sharing confidential information. And the consequences of these increasingly sophisticated attacks can be devastating: recent data shows that approximately 91 percent of cyberattacks on businesses begin with a phishing email to an individual employee.
As remote work becomes a common part of our professional lives, those working outside the traditional corporate environment need to improve their cybersecurity skills. In this evolving threat landscape, users must account for increased vulnerabilities to protect themselves and their organizations from bad actors.
Many of the technical aspects of maintaining a secure digital environment will be managed behind the scenes of the systems and devices you use. Setting up things like VPNs, firewalls, multi-factor authentication, and making sure software is patched and updated regularly will be taken care of by your organization’s security team. However, there are some things that are in your hands as the end user.
Here are some key best practices that remote workers can use to strengthen their security posture.
Think your password is secure? You will be surprised. Anyone who has recently created an online account will be familiar with modern password standards. But that doesn’t mean we always come up with strong, unique passwords that are hard to crack.
The most secure passwords are usually not the easiest to remember. But you can make sure you’re generating strong passwords (and changing them often) by using secure password generators and managers, so you don’t have to trade organizational security for convenience.
Cover your webcam
Keep your webcam covered when not in use so attackers don’t have visual access to you or your environment, even if the system is compromised. We don’t have to be technical here; a piece of paper and some tape will do the trick.
Avoid unsecured networks
Use only secure networks and avoid public or open Wi-Fi: A coffee shop may be a nice change of scenery, but anyone can connect to that network and potentially intercept your data. Many businesses offer a VPN service to ensure secure access wherever you work, so if that’s on the table, be sure to take advantage of it.
Protect your devices physically
Can you honestly say that you have the same anti-virus software, firewalls, intrusion detection systems and other security factors on your personal laptop that you have on your work device? I didn’t think so.
You should only work from approved business devices while at home, not personal ones that your security team can’t protect.
Never transfer data from company to personal devices, whether using cloud services or physical hardware such as USB sticks. Many organizations will give you access to cloud-based software packages that you can use to work online, so you don’t need to download data to devices.
Finally, never leave company devices in vehicles or allow other people in the household to access company devices (it is not a best practice to store your device password on a note at the bottom of your laptop).