Protecting Remote Workers From Cyber Threats

If you’re reading this from your home while working remotely during the COVID-19 crisis, you’re in good company. A recent study by Global Workplace Analytics showed that even before the coronavirus forced us all into working from home, remote work had grown by 173% over the last 15 years, with nearly 5 million telecommuters in the U.S. alone.

Research studies indicate that remote workers are more productive and happier relative to those workers who don’t have the same flexibility.

Despite the benefits of remote work, however, a pressing concern remains: How do we protect these workers from savvy cybercriminals, many of whom view workers operating outside the boundaries of on-site IT security as “easy pickings”?

Office security threats aren’t the only priority for defenders these days; the battlefield extends well beyond desks and cubicles and into homes and coffeehouses. Remote work cybersecurity, therefore, needs to be a top organizational priority.

With that in mind, let’s take a closer look at a few smart tips for protecting your remote workers from cyber threats.

Maintain Strong IT Hygiene in Every Environment

Picture a remote worker, and you likely envision someone in a cafe, coffee shop or home office. What do these settings typically have in common? Insecure Wi-Fi. Public Wi-Fi in commercial settings is the worst security offender and one of the most popular cybersecurity attack vectors.

Due to the insecurity of public Wi-Fi networks, it’s often a trivial task for hackers to intercept log-in credentials or install malware. Phishing attacks complete with dummy websites and links that look like the real thing are another common public Wi-Fi hazard and one of the most pressing challenges to remote working security.

Despite these risks, remote workers continue to use public Wi-Fi in large numbers. A recent Spiceworks Data survey indicated that more than 60% of organizations’ workers use company-issued devices on public Wi-Fi networks. The coffee shop isn’t the only risky setting, however: Poorly secured home Wi-Fi also presents a hazard. The proliferation of connected smart devices in the home has increased the number of attack points, which means that remote workers need to be more vigilant about securing their home offices.

One of the easiest ways to lower the risks associated with public or poorly secured networks is for companies to require the use of a virtual private network that allows for secure connections. While that can be effective, it also needs to be paired with comprehensive training.

Invest in Remote Worker Training

Given that remote workers are operating within some highly challenging environments, it’s essential that they’re trained to understand best practices for threat and vulnerability in an online environment. It’s difficult to understate how important this is, as humans are the weak point in any security system. Even the best-trained among us are liable to commit an error over a long enough timeline.

Cybersecurity training staged at regular intervals is imperative for managing all types of threats in the workplace: online, offline, in office or out of the office.

When conducting these sessions, however, it’s important to really place an emphasis on the specific challenges associated with remote work. Show workers how to spot common phishing attacks, raise their awareness of spoofing and other techniques and ensure that each worker understands the basics of good IT hygiene. A modest investment here can be paid back exponentially if a significant security breach is averted.

Protect the Endpoints

Ensuring the security of the software applications, hardware devices and operating systems used by remote workers is another core priority. Far too much time generally passes between the public discovery of a vulnerability and the subsequent patch. Some research indicates the average amount of time it takes to complete this process is more than three months.

Today’s advanced attackers can take advantage of an exploit, move laterally through a network and steal critical assets, escaping detection for weeks, months or even longer. This is a nightmare scenario for organizations, which often face massive financial and reputational risks from such breaches.

To manage this risk, it’s important to ensure all software is current and continually updated. Common tools such as malware scanners, firewalls and virtual private networks can also help maintain security.

For something a bit more advanced, organizations can choose to deploy breach and attack simulation software. These platforms simulate common attack techniques across likely attack paths to help expose an organization’s security vulnerabilities.

The benefit of this approach is simple: Unlike the reactive process of waiting for a vulnerability to be discovered and applying a patch, a breach and attack platform allows for continuous, automated testing.

The Remote Security Takeaway

Remote work continues to see a wave of adoption, but organizations can’t keep their non-office staff stuck on an island. They are exposed to specific vulnerabilities and work without the full protection of on-site IT security. And, human nature being what it is, we can’t expect remote workers to immediately sacrifice the convenience of public Wi-Fi in favor of better security.

As such, it’s critically important that remote workers are trained to recognize the types of attacks they are most likely to encounter. It’s also just as essential that organizations emphasize endpoint protection and deploy the tools they need to get security right, both in the office and in homes and coffee shops across the globe.

Avatar photo

Nitzan Shatil

Nitzan Shatil is Customer Operations Manager at XM Cyber. Nitzan has 15 years of experience in cybersecurity, including nearly a decade in the financial industry. He was in charge of the cyber risk management unit at the Union Bank of Israel, where he worked on implementing cyber strategy methods. He also brings a strong technical background in hands-on IT security and cybersecurity architecture. He started his career at RSA Security as a threats intelligence analyst on large financial entities.

nitzan-shatil has 1 posts and counting.See all posts by nitzan-shatil