Remote Work’s Biggest Challenges

The rise of remote work has had a tremendous impact on the way companies do business, introducing new cyber vulnerabilities for threat actors to exploit in all areas.

1. Increased Entry Points

Having more staff work from home widens an organization’s digital entry points, especially if companies are relying on employees to use their own devices and email accounts, instead of those provided in a managed security environment.

With unmonitored and/or inadequately protected personal networks, the millions of new remote workers that make up this expanded attack surface open up easy routes for cybercriminals to access corporate systems through domestic PCs, laptops, and Wi-FI routers.

2. Overwhelmed IT Infrastructure

While remote work is not new by any means, the seemingly overnight transition to telework back in March strained IT infrastructures worldwide, particularly those in the SME space. More than 80% of global companies have admitted they were unprepared to make the switch so abruptly. IT teams have had to mobilize quickly to manage the logistics of a remote workforce without compromising on functionality or efficiency.

Even after six months, IT staff are still responding to challenges created by a decentralized, work-from-home environment, including closing security gaps in technology, keeping employees up-to-date on good cyber hygiene, and strengthening the protection of third-party apps necessary to telework.

3. Greater Reliance on Third-Party Software

In this day and age, most companies are reliant to some degree on third-party software. However, in an effort to go completely virtual, many businesses have become wholly dependent on video conferencing tools, cloud applications, network resources, and more. In the wake of COVID-19, 92% of global companies had to adopt new technologies to work remotely. 69% of remote workers now require apps like Zoom and Microsoft Teams to collaborate with colleagues, communicate with vendors, or meet with clients.

But third-party apps may not always have sufficient security controls to ward off phishing scams or fake evites to online meetings. 39% of companies have experienced videoconferencing attacks in the past three months alone, with Canadian businesses among the most affected.

4. Data Retention

No matter the industry, all organizations—large or small, public or private, commercial or government—hold vast amounts of confidential financial and personal data and intellectual property. Given the circumstances, many now face increased cyber risk because they are collecting additional personal health information from employees, clients, and other visitors for temperature checks, contact tracing, or simply to prevent office-wide exposure.

Organizations must consider:

• How this information is being protected;

• How data retention policies are being modified to account for newly obtained health information;

• How long they will safeguard this data; and

• How data will be disposed of once is it no longer needed.

5. Budget Cuts

It’s been long established that cybercrime flourishes in times of upheaval, change, and economic hardship—in fact, it’s practically recession-proof. But that puts many organizations, especially SMEs in a precarious catch-22. This is why:

1. As financial pressures mount, organizations hit hard by the crisis may slash their budgets for all non-essential programs and personnel to save money. For businesses that haven’t previously experienced a data breach or that don’t consider themselves to be high-risk, that might include security programs and IT staff.

2. Without these protections in place, organizations may not be able to effectively remediate or even understand their cyber exposures, giving threat actors ample opportunity to infiltrate their systems.

3. Organizations may suffer an expensive and/or embarrassing privacy breach and hire additional IT personnel in response, though it may be too late to stave off the effects of lost business, loss of client trust, and reputational damage.

6. Distracted Workforce

We are in the middle of a global health crisis; everyone is distracted. People are coping with family issues, sickness, and other unplanned events. But threat actors thrive on heightened emotions. And they’ll prey on feelings of fear, confusion, and doubt to trick vulnerable users into downloading fake apps or clicking on malicious links about financial relief, a potential vaccine, or a public health update. Even with the best of intentions, employees might just accidentally miss a suspicious email or system irregularity.

COVID-19 aside, human error is still the biggest risk factor when it comes to cyber threat. The latest cyber claims data from Willis Towers Watson reports that 63% of security incidents are caused directly by employees, be it through accidental disclosure, social engineering scams, or ransomware infections.

Additionally, working from home may have weakened employees’ general sense of cyber vigilance. Away from the watchful eye of in-office IT support, workers might be more likely to use devices with insecure passwords, ignore security updates, or visit sites that would normally be prohibited at work. The lack of physical oversight over remote staff further compounds these issues.

What’s the work from home forecast?

According to the CIRA’s 2020 Internet Factbook Survey, 54% of Canadians are working from home due to COVID-19. But when they do return to their offices, they’ll have new expectations of their employers.

Why? The demand for workplace flexibility has been building for decades. And since lockdown measures have been implemented:

That’s not all. Once physical distancing restrictions are lifted, 73% of Canadian office professionals would like to telecommute more frequently. Many are even calling for a 30% office / 70% remote split. About one-third now say they’d be unwilling to work for a company that doesn’t allow telework.

And it’s not just the workers. In spite of security concerns, more and more employers are seeing the value in working from home. Here’s why:

• Quality: Work-from-home arrangements have noticeably led to greater efficiency, improved morale, and higher retention among remote workers compared to pre-COVID rates. As a result, managers and executives are less worried about impaired collaboration and lower productivity.

• Savings: Businesses are seeing considerable cost savings due to the elimination or diminished need for physical office space and supplies, travel, conferences, and more.

COVID-19 has ultimately accelerated a gradual, but growing shift towards remote work acceptance into a full-blown remote work revolution. Prior to the pandemic, approximately 3.6% of employees worked from home on a semi-regular basis. As we come out of the crisis, experts estimate that as much as 30% of the workforce could be permanently working at home multiple days a week by the end of 2021.

Evidently, remote work isn’t going anywhere—and neither is cybercrime. Having a remote workforce has already been found to raise the average total cost of a data breach by nearly $137,000, for an average total cost of $4 million per incident.

What can businesses do?

The new vulnerabilities created by remote work require new ways of prioritizing and mitigating cyber risk to safeguard data. All organizations must begin building and funding the cybersecurity strategies they’ll need to avoid major financial, legal, and reputational loss. A strong risk management approach should focus on:

To learn more about your risks—and how insurance can help—connect with PROLINK today.