It’s been three years since the world of office life was forever changed. Businesses clamored to comply with new public health policies without sacrificing everything they’d built, and work from home became our new norm. Since then, we’ve been through the ringer with data security risks and learning how to protect company assets while maintaining a remote workforce that only seems to be getting stronger. The question is – even after all this time, have companies really taken the steps necessary to secure their systems?
There are a lot of risks that are more easily addressed, and many measures have been implemented to mitigate outside threats such as setting up VPN’s, using multi-factor authentication, providing guidance on recognizing phishing attempts etc. Less talked about is preventing internal risk. Remote work can lead to an increase in insider threats, where employees intentionally (or unintentionally) compromise company data. This can include sharing sensitive information with unauthorized parties, using personal devices for work purposes without permission, or failing to follow established security protocols. The lack of direct oversight and communication that comes with working remotely can make it more difficult for companies to identify and prevent these types of threats.
As much as companies have tried to embrace the remote work culture, as it has its benefits for all parties, data from a 2023 Fortinet study demonstrates that organizations are more vulnerable when supporting a work-from-home model. “Of the companies surveyed, 62% reported a data breach as a “partial” result of staff working from home.” citing anything from lack of training to identity access management issues.
On April 3rd, Lookout, Inc. released its new report “The State of Remote Work Security” to raise awareness among IT and security leaders about the growing threats associated with remote work and bring your own device (BYOD) policies. The survey shows that personal and work tasks blur together more when working from home, and the boundaries between the two have become increasingly permeable. 32% of remote and hybrid workers use apps or software not approved by IT, and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organization’s risk posture. (StreetInsider)
In anticipation of Global Work from Home Day on April 10th – CybeReady, a global expert in security awareness training, has released a Remote Workforce CISO Training Toolkit that is now available to download for free. According to CybeReady, the Remote Workforce CISO Toolkit not only applies to home-based work environments, but also to co-working spaces where individuals from different companies or industries can work in the same physical location such as WeWork or Fusion Workplaces (SecurityBrief).
Penetration Testing is a great first step to assessing any existing vulnerabilities in your organization. If you have any concerns about security in your remote workforce, schedule a consultation with Elevate for assistance anticipating and addressing these threats.