With countries across the world under lockdown due to Covid-19, businesses large and small are having to completely rethink and revolutionise their standard working practices. This has caused many to embrace remote working, and there is even the suggestion that this change is likely to be far more long term – as when things get back to normal, companies will have gotten used to the benefits of remote working.
Many businesses with remote workers have had to struggle to quickly find new ways of working – including incorporating new technologies and collaboration tools to allow staff to continue to work effectively.
However, while this has created great opportunities to find new ways of working, there are issues with it too. The speed at which the crisis occurred meant that many businesses may not have had the time to ensure that all of their employees are working from home as securely as possible. Cyber threats targeting home workers are on the rise and it’s important that business leaders are alert to the latest risks. Here we take a look at some of the key cybersecurity issues affecting remote workers.
One of the most widely used tools that remote workers have embraced is remote desktop protocol (RDP). RDP allows remote users to access the desktop of an office computer or server that’s located at another location, meaning that they then have access to all of the tools, apps, software, and files to be able to perform their job. RDP is commonly used by IT departments in order to manage and provide assistance to users across an organisation.
However, there is a huge problem in that poorly secured or unprotected RDP endpoints can provide easy access for hackers. Far too many organisations are using RDP in a way that leaves them vulnerable to cybercriminals who could remotely access a device and steal data.
Vulnerabilities with the remote access tools used by organisations can create additional problems for security teams, meaning it is vital to keep systems and tools patched. One of the most well-known vulnerabilities in RDP, for example, is Bluekeep – first discovered by Microsoft in May 2019.
The company did release a patch for the bug at the time, but it is likely that many organisations that were not utilising remote connectivity at the time did not install it. This could mean that if those organisations have now begun using remote connections, they could be vulnerable.
Organisations that are worried about the security of access controls are advised to commission an independent remote working security assessment to help identify and address risks.
Another danger is the fact that employees working from home may be using unsecured devices in order to access data. In the office, employees most often use a single device that has been properly configured. This also benefits from the protection of network-based security controls, such as a company firewall.
However, when working remotely, employees may utilise a much broader range of devices. These are not security hardened and don’t benefit from traditional perimeter defences. A single employee might use a desktop, a laptop, a mobile phone, and a tablet to carry out their work. This broadens the potential range of targets for criminals.
Remote working makes it more likely that workers could fall victim to problems with so-called shadow IT. Shadow IT refers to the use of software that has not been approved by the IT team. This is much more easily done on personal computers. Your IT team will have far less control over what software and apps you use.
Unapproved software might not sound like a major problem. But it may be the case that these programs contain vulnerabilities that cybercriminals could seek to exploit.
With employees all working from home simultaneously and using multiple devices, monitoring the use of data can be very challenging. This puts an increased onus on individual employees to be doing all they can to stay secure. But there is a problem here too.
The speed at which companies were forced to change their working practice has meant that many did not get the chance to adequately prepare their staff for working at home. And without strict guidelines in place for how to work from home securely, employees can be at risk.
Organisations need to provide training as soon as possible to ensure staff are aware of the latest security risks such as:
Remote access solutions and collaboration tools can be key to providing the capacity and flexibility needed for employees to do their job. But this has resulted in businesses putting their trust in new, untried applications and also storing data in the cloud. If not done in the right way this can introduce vulnerabilities, encourage unsafe working practices and significantly increase cyber risk.
While there is much to think about in these challenging times, organisations cannot lose sight of their goals in terms of cybersecurity.