Cybercriminals are aware of these vulnerabilities and are increasingly targeting remote workers. In fact, a recent study by IBM found that the number of cyber attacks targeting remote workers increased by 72% in 2022.
Causes of remote workers' cybersecurity risks
- Expanded attack surface: When employees work remotely, they use a variety of devices and networks, including their personal devices and home networks. This expands the attack surface for cybercriminals, as they have more potential entry points into the organization's network.
- Reduced visibility and control: IT departments have less visibility and control over remote employees' devices and networks. This can make it more difficult to detect and respond to cyber-attacks.
- Increased reliance on cloud computing: Remote workers often rely on cloud computing services to access and store data. This can make organizations more vulnerable to attacks on cloud providers.
- Reduced cybersecurity awareness: Remote workers may be less aware of cybersecurity risks than in-office employees, as they are not surrounded by other people who are also focused on security. This can make them more susceptible to phishing attacks and other social engineering scams.
Cybersecurity awareness benchmarking
In October 2023, Skillcast undertook a survey of its customers to benchmark cybersecurity awareness amongst employees. It highlighted a training and knowledge gap in most areas, but particularly within social engineering and phishing. Numbers indicate the Net Preparedness Score of employees across 26 companies for each cybersecurity risk.
How to improve remote worker cybersecurity
Firstly, staff need to keep communication lines open with their IT team so they can easily get advice or ask for assistance.
Sometimes, the easiest way to access sensitive information is through physical means. If staff have a dedicated workspace for work, they need to ensure it is physically secure and never leave sensitive documents or devices unattended.
Once that hurdle is overcome, staff need to consider a number of other risks that are heightened outside of the office environment.
1. Maintain software & devices
Staff must keep their software and devices up to date. Software updates often include security patches that can help protect your devices from malware and other threats.
Regularly backing up data can mitigate the risks of a data breach or other security incident. Finally, hard drives should be encrypted to make it more difficult for unauthorised individuals to access data if a device is lost or stolen.
2. Use strong passwords & password managers
Although having a strong password may seem obvious, the World Economic Forum research shows that 80% of all breaches are due to weak passwords.
That's why educating your staff on the principles of strong passwords and the advantages of using password management tools is crucial.
Train your staff to create strong, complex passwords, stressing the need to avoid using easily guessable information like birthdays or names. Passwords should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols.
Also, highlight the benefits of using password management tools. These tools securely store and encrypt passwords, enhancing security and protecting sensitive information.
3. Be wary of social engineering & phishing
Explain the critical importance of being vigilant in all online communications.
Cybercriminals often impersonate trusted individuals or organisations. Phishing involves fraudulent emails or websites impersonating legitimate sources to steal personal information, such as passwords or credit card numbers.
Phishing attacks are constantly evolving, employing increasingly sophisticated tactics to deceive users. So, you need to train staff on how to identify phishing attempts.
Staff should be wary of emails from unknown senders and never click on links or open attachments in emails unless they are sure they are legitimate. They need to verify the identity of anyone requesting sensitive information, particularly in unexpected or unsolicited communication, even when names seem familiar.
By fostering a culture of vigilance, your staff can significantly reduce the risk of falling victim to social engineering attacks, which are a common gateway to identity theft and fraud. This vigilance is crucial for maintaining online safety and protecting sensitive data.
4. Ensure internet connections are secure
Home routers connect staff to the internet and will not have the same levels of protection as office-based servers. And public Wi-Fi networks are likely even worse, so they should not be used for work-related activities whenever possible.
Router security is key in safeguarding their home network. Changing default router passwords is a fundamental step to prevent unauthorised access.
Staff should also enable WPA3 encryption for Wi-Fi networks and set up strong, unique Wi-Fi passwords to protect against unauthorised access.
Better still, enable a Virtual Private Network (VPN) for remote workers. A VPN creates a secure tunnel between your device and your company's network, encrypting your traffic and protecting your data from prying eyes.
5. Enable two-factor authentication (2FA)
Encourage the use of 2FA for online accounts whenever possible, as it adds an extra layer of security by requiring a one-time code sent to their mobile device during login, making it harder for unauthorised access.
Highlight the significance of 2FA in bolstering account security and how the dynamic element can deter hackers.
6. Protect privacy settings & controls
Cybercriminals can use social media to gather information about you and your company, which they can then use to launch attacks.
Guide your staff in adjusting privacy settings and using social media responsibly. Explain that limiting publicly accessible personal information and managing app permissions are vital for minimising identity theft risk.
Encourage your staff to proactively manage privacy settings on social media and online services, expressing the importance of restricting publicly accessible personal information to limit exposure to potential threats.
Explain that managing app permissions helps control data access, ensuring that only necessary information is shared with third-party applications and services, thus reducing the risk of identity theft.
Want to learn more about Information Security?
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.