Hybrid working, remote working and working from home are concepts that entered many workplaces during the COVID-19 pandemic and the shutdowns of that period, which made it a necessity - even for companies that might not have been used to working in this way previously. For many employees, it proved to have many benefits, particularly in terms of greater flexibility and a better work-life balance, while employers could enjoy reduced costs and increased productivity in most cases.
But while there are many benefits to hybrid and remote working, it also makes both employees and workplaces more vulnerable to cyber attacks and data breaches if the same security standards are not maintained as in the office.
Why remote working can pose a security threat
When you work remotely, much of the responsibility for maintaining a necessary level of cyber security is left to you. This is true even if you are using a work computer that has been set up according to all the rules of best cybersecurity practice.
According to Verizon, as many as 82% of all data breaches in 2022 involved a human factor, i.e. social engineering phishing, human error or data misuse. This explains exactly why it's so important to be on top of security when working from less formal locations than the office. A company's confidential data is only as secure as its weakest link.
As an employee, you compromise security when, for example, you work from public WiFi networks where you risk becoming a victim of a Man in the Middle attack, or when you work from your private devices which may not be up to date with security.
How to increase security when working remotely in 10 steps
The following security tips are always a good idea to implement, no matter what location you may be working from. But they are especially important to remember when working from networks other than your workplace, which will typically be less secure.
Even if you work from home, you should have physical security in place. This means that you should not leave your computer unlocked. Make sure your home office is at least as secure as the office at your workplace.
Of course, this also means that you should never leave your computer if you are working outside, for example in a café, as there is a risk that your devices could be stolen.
Strengthen the security of your router
Many people forget to change the code on their router, which cyber criminals exploit to gain access to a network. Of course, this means your home network could be more vulnerable than you think. In fact, hackers can access your devices and internet traffic through your router.
The best thing you can do, of course, is to make sure a password is required to access your WiFi. In addition, change the default code to a long and unique password and make sure you always have the latest firmware updates so that vulnerabilities and security holes cannot be exploited.
Use a VPN
Using a Virtual Private Network (VPN) is especially important if you work from public networks. A VPN provides a secure and encrypted connection to the network over the internet.
A VPN allows you to access sensitive data on public networks without compromising security. For example, you significantly reduce the risk of a Man in the Middle attack when you use a VPN.
Maintain a work-life balance
It's important to separate your personal and professional life when working at home. This means using separate devices for personal and work purposes. The lines can get blurred when you work from home, but there are several reasons why it's important to separate.
You can never be completely sure that your home or work computer hasn't been compromised. By using separate devices for each purpose, you can reduce the amount of sensitive data that might be exposed in a potential cyber attack or data breach.
Encrypt your devices
Encryption can be an important security tool. In the event that your work computer is stolen, the sensitive and - arguably - confidential data on it won't be at the same risk if it's encrypted, because it prevents strangers from being able to access its contents without a password, key, PIN or other verification. Indeed, encryption makes content unreadable and incomprehensible to strangers who do not have the authority or permission to access it.
Keep your operating system and software up-to-date
To keep operating systems and software as secure as possible, it is important to remember to update them as soon as a new update appears. This minimises the risk of zero-day exploits, which is when cyber criminals identify vulnerabilities in operating systems or software and exploit them before software vendors have had a chance to close the security gap with an update. In other words, waiting just a few days to update your computer and programs/applications can do a lot of damage.
To make it easier for yourself, you can, for example, turn on automatic updating.
Use strong passwords
We can't stress enough the importance of strong passwords. It's a relatively straightforward way to significantly increase your security. It is important to avoid passwords that are easy to guess or that are statistically frequently used, such as "123456", "qwerty" or your date of birth. Your password should be unique, random and unrelated to you. In addition, you should avoid reusing passwords across your accounts.
Fortunately, there are several things you can do to make it easier for yourself. For example, you can use a password manager that generates long and unique passwords for each of your accounts and even remembers them automatically so you don't have to. The only code you have to remember is the code for the password manager itself. In addition, you can make use of multi-factor authentication, which is an extra layer of security for your accounts. When you log in to an account with your code, you have to go through one more step to get access. This will typically be a unique one-time code sent to your mobile via SMS, ID verification or fingerprint.
Antivirus software helps to protect your device from viruses and various forms of malware including spyware, ransomware, worms, trojans etc.
Antivirus identifies and recognizes the virus and then removes it from the system. The best types of antivirus work preventively, not only removing viruses but also ensuring that viruses do not infect your system in the future.
Enable Find My Device and Remote Wipe
In the event of theft of your computer, being able to locate it and ideally remotely wipe its contents before others gain access will increase information security. You can find out how to enable these features on your specific device by searching its settings or asking your favourite search engine.
Create a good working environment
Last but not least, it's important to create a good working environment without distractions. This means eliminating anything that might disturb your concentration, as it can take your focus away and therefore make you more vulnerable to cyber attacks such as phishing and other human errors. For the same reason, it is also important to remember to take breaks to keep your concentration.
How to increase security as an organisation
Of course, it's not just at the employee level that it's important to strengthen cybersecurity when working from locations other than the office. In fact, there are also several measures you can implement as an organisation with a remote workforce.
Implement cybersecurity awareness training
Cybersecurity awareness training is a good tool to implement to train employees to become strong at identifying threats such as phishing attempts. Cyber threats never stand still and hackers' methods are constantly evolving, so the training is designed to be dynamic so that employees are always best equipped to become the strongest cyber defenders.
The ongoing evaluation of employee performance in awareness training is also valuable for measuring the organization's overall cybersecurity performance.
Increase email security
Adequate email security protects sensitive information in email communications, prevents phishing emails from finding their way to your inbox and protects against email spoofing and unauthorised access.
Email security is particularly important because the vast majority of cyber attacks are initiated with malicious emails. For example, you can increase the security of your email using SPF, DKIM and DMARC, which can prevent spam and phishing from finding their way into your inbox.
Monitor third-party vendors and service providers
Your organisation may have a good handle on cyber security, but if a partner, vendor or service you use has security gaps, it could also be a threat to the security of your organisation. That's why it can be a good idea to keep an eye on security ratings.
Security ratings are a kind of dynamic measurement of an organisation's security posture. Security ratings can thus be used as a benchmark for an organisation's cybersecurity performance. The higher the rating, the better the organisation's cybersecurity.
Clean up privileged accounts
It's a good idea to limit the number of privileged accounts to make it harder for hackers to access them. Privileged accounts are particularly vulnerable to cyber-attacks and data breaches, and they are particularly vulnerable when employees with extended rights are working remotely. In addition, if you have many privileged accounts, it can be difficult to keep track of who has access to what. This can be enforced through a restrictive policy for creating and closing privileged accounts.
Improve cyber hygiene
Good cyber hygiene means implementing daily routines, safe behaviours and regularly checking up on your organisation's cyber security. This applies to your hardware, software, IT infrastructure, cybersecurity awareness training and employee devices, the latter of which is of course particularly important when employees work from home.
Invest in a password manager
A secure and easy way to ensure that all employees have sufficiently strong passwords and are not reusing passwords is to invest in and implement password managers. This way, organisations can be sure that the password hygiene of all employees is in order.
Encrypt your organisation's devices
Encrypting organisational devices can prevent outsiders from monitoring communications or reading confidential information. Encryption does not prevent interference by unauthorised parties, such as Man in the Middle attacks, but it does make information unreadable and unintelligible to those who do not have the authority to access it.
Maintaining a high level of security when performing hybrid or remote work requires good collaboration between the organisation and the employee. However, the relatively simple advice we have outlined here will significantly increase security. And whether working from home or the office, they're good to implement for improved cyber hygiene.
- Verizon, "2022 Data Breach Investigations Report."
Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.