fbpx

The Top 6 Remote Work Security Concerns

PROLINK Blog

The Top 6 Remote Work Security Concerns

December 4, 2020

COVID-19 has drastically redefined how, when, and where work is performed. Most companies have gone virtual, with interviews, meetings, and even entire conferences being held digitally. From banking to onboarding to e-commerce, more business than ever is being conducted online.

Graphic of a professional working remotely
Graphic of a professional working remotely

Remote Work’s Biggest Challenges
The Work From Home Forecast
What Can Businesses Do?

COVID-19 has drastically redefined how, when, and where work is performed. Most companies have gone virtual, with interviews, meetings, and even entire conferences being held digitally. From banking to onboarding to e-commerce, more business than ever is being conducted online.

While many companies have traditionally offered work-from-home privileges to a few select individuals, we will soon be settling into a post-pandemic world where remote work is the expected employee norm. And despite not necessarily choosing to do so, employees and employers alike are seeing the benefits of remote work, citing convenience, flexibility, and work-life balance as key factors.

However, with millions at home, remote work has become a major security consideration. According to the Acronis Cyber Readiness Report 2020, 31% of companies around the world have been targeted by a cyberattack at least once a day during the pandemic. Cybercriminals are increasingly integrating COVID-19 related themes into their schemes—Canada has already seen a massive spike in phishing and ransomware attacks aimed at quarantined workers.

What are the main concerns? How will remote work alter the cyber risk management landscape? And more importantly, what can businesses do about it? Read on to learn more about the remote-work revolution of COVID-19 and what you can do to protect yourself.

 

Disclaimer: Please note that the information provided herein offers guidelines only. It is not exhaustive and does not constitute legal, insurance, or cybersecurity advice. For more guidance, please consult a lawyer, a licensed insurance representative, and/or a cybersecurity specialist.

Remote Work’s Biggest Challenges

 

The rise of remote work has had a tremendous impact on the way companies do business, introducing new cyber vulnerabilities for threat actors to exploit in all areas.

 

1. Increased Entry Points

 

Having more staff work from home widens an organization’s digital entry points, especially if companies are relying on employees to use their own devices and email accounts, instead of those provided in a managed security environment.

With unmonitored and/or inadequately protected personal networks, the millions of new remote workers that make up this expanded attack surface open up easy routes for cybercriminals to access corporate systems through domestic PCs, laptops, and Wi-FI routers.

 

2. Overwhelmed IT Infrastructure

 

While remote work is not new by any means, the seemingly overnight transition to telework back in March strained IT infrastructures worldwide, particularly those in the SME space. More than 80% of global companies have admitted they were unprepared to make the switch so abruptly. IT teams have had to mobilize quickly to manage the logistics of a remote workforce without compromising on functionality or efficiency.

Even after six months, IT staff are still responding to challenges created by a decentralized, work-from-home environment, including closing security gaps in technology, keeping employees up-to-date on good cyber hygiene, and strengthening the protection of third-party apps necessary to telework.

 

3. Greater Reliance on Third-Party Software

 

In this day and age, most companies are reliant to some degree on third-party software. However, in an effort to go completely virtual, many businesses have become wholly dependent on video conferencing tools, cloud applications, network resources, and more. In the wake of COVID-19, 92% of global companies had to adopt new technologies to work remotely. 69% of remote workers now require apps like Zoom and Microsoft Teams to collaborate with colleagues, communicate with vendors, or meet with clients.

But third-party apps may not always have sufficient security controls to ward off phishing scams or fake evites to online meetings. 39% of companies have experienced videoconferencing attacks in the past three months alone, with Canadian businesses among the most affected.

 

4. Data Retention

 

No matter the industry, all organizations—large or small, public or private, commercial or government—hold vast amounts of confidential financial and personal data and intellectual property. Given the circumstances, many now face increased cyber risk because they are collecting additional personal health information from employees, clients, and other visitors for temperature checks, contact tracing, or simply to prevent office-wide exposure.

Organizations must consider:

  • How this information is being protected;

  • How data retention policies are being modified to account for newly obtained health information;

  • How long they will safeguard this data; and

  • How data will be disposed of once is it no longer needed.

 

5. Budget Cuts

 

It’s been long established that cybercrime flourishes in times of upheaval, change, and economic hardship—in fact, it’s practically recession-proof. But that puts many organizations, especially SMEs in a precarious catch-22. This is why:

  1. As financial pressures mount, organizations hit hard by the crisis may slash their budgets for all non-essential programs and personnel to save money. For businesses that haven’t previously experienced a data breach or that don’t consider themselves to be high-risk, that might include security programs and IT staff.

  2. Without these protections in place, organizations may not be able to effectively remediate or even understand their cyber exposures, giving threat actors ample opportunity to infiltrate their systems.

  3. Organizations may suffer an expensive and/or embarrassing privacy breach and hire additional IT personnel in response, though it may be too late to stave off the effects of lost business, loss of client trust, and reputational damage.

 

6. Distracted Workforce

 

We are in the middle of a global health crisis; everyone is distracted. People are coping with family issues, sickness, and other unplanned events. But threat actors thrive on heightened emotions. And they’ll prey on feelings of fear, confusion, and doubt to trick vulnerable users into downloading fake apps or clicking on malicious links about financial relief, a potential vaccine, or a public health update. Even with the best of intentions, employees might just accidentally miss a suspicious email or system irregularity.

COVID-19 aside, human error is still the biggest risk factor when it comes to cyber threat. The latest cyber claims data from Willis Towers Watson reports that 63% of security incidents are caused directly by employees, be it through accidental disclosure, social engineering scams, or ransomware infections.

Additionally, working from home may have weakened employees’ general sense of cyber vigilance. Away from the watchful eye of in-office IT support, workers might be more likely to use devices with insecure passwords, ignore security updates, or visit sites that would normally be prohibited at work. The lack of physical oversight over remote staff further compounds these issues.

What’s the work from home forecast?

 

According to the CIRA’s 2020 Internet Factbook Survey, 54% of Canadians are working from home due to COVID-19. But when they do return to their offices, they’ll have new expectations of their employers.

Why? The demand for workplace flexibility has been building for decades. And since lockdown measures have been implemented:

Canadians Reporting Reduced Commute Times

Canadians Reporting Saving Time

Canadians Enjoying Better Work-life Balance

Canadians Reporting Saving Money

That’s not all. Once physical distancing restrictions are lifted, 73% of Canadian office professionals would like to telecommute more frequently. Many are even calling for a 30% office / 70% remote split. About one-third now say they’d be unwilling to work for a company that doesn’t allow telework.

And it’s not just the workers. In spite of security concerns, more and more employers are seeing the value in working from home. Here’s why:

  • Quality: Work-from-home arrangements have noticeably led to greater efficiency, improved morale, and higher retention among remote workers compared to pre-COVID rates. As a result, managers and executives are less worried about impaired collaboration and lower productivity.

  • Savings: Businesses are seeing considerable cost savings due to the elimination or diminished need for physical office space and supplies, travel, conferences, and more.

 

COVID-19 has ultimately accelerated a gradual, but growing shift towards remote work acceptance into a full-blown remote work revolution. Prior to the pandemic, approximately 3.6% of employees worked from home on a semi-regular basis. As we come out of the crisis, experts estimate that as much as 30% of the workforce could be permanently working at home multiple days a week by the end of 2021.

Evidently, remote work isn’t going anywhere—and neither is cybercrime. Having a remote workforce has already been found to raise the average total cost of a data breach by nearly $137,000, for an average total cost of $4 million per incident.

What can businesses do?

 

The new vulnerabilities created by remote work require new ways of prioritizing and mitigating cyber risk to safeguard data. All organizations must begin building and funding the cybersecurity strategies they’ll need to avoid major financial, legal, and reputational loss. A strong risk management approach should focus on:

Security: 

Add extra layers of protection to all networks, systems, and devices. Beware of phishing and email fraud. Develop tailored incident response and business continuity plans in the event of a breach. For a detailed list of cybersecurity measures, click here.

Education:

Work towards a robust cyber risk culture. Raise awareness surrounding your exposures. Provide ongoing training or partner with a third-party organization that offers a range of forensic or educational resources. Find ways to meaningfully engage workers and offer incentives or rewards for doing so. The more we know, the more we can prevent.

Insurance:

For maximum protection, consider Data Security & Privacy Breach Insurance coverage. Your general liability insurance won’t cover a breach, but a dedicated cyber policy can help offset some of the potential financial loss from legal fees, damages, and associated expenses.

To learn more about your risks—and how insurance can help—connect with PROLINK today.


PROLINK’s blog posts are general in nature. They do not take into account your personal objectives or financial situation and are not a substitute for professional advice. The specific terms of your policy will always apply. We bear no responsibility for the accuracy, legality, or timeliness of any external content.


    Personal InsuranceCommercial EnterpriseAssociations & Affinity GroupsLife & Benefits


      Personal InsuranceCommercial EnterpriseAssociations & Affinity GroupsLife & Benefits

      Generic filters
      Exact matches only