It’s been almost three years since organisations instructed their employees to work remotely in a bid to control the spread of COVID-19, and most of us can agree that the time has flown by.
Remote working – or, since the end of the pandemic, hybrid working – has been immensely popular. Its benefits are well documented, from the flexibility that it has given workers to the opportunities it has provided to seek employment in far-flung places.
But amid all these perks, it’s easy to overlook the challenges of remote working. For example, IT and cyber security staff have pointed out that with employees based far and wide, the threat perimeter is greatly increased.
With employees no longer in the office and protected by the organisation’s physical and network controls, IT teams are all but powerless to help an employee who, for example, learns that their router is compromised or who chooses to do business in a public place.
While we’re not advocating for everyone to return to their offices, it’s essential that organisations and individuals understand the cyber security risks associated with remote working. It’s only when you acknowledge these problems that you can take steps to stay safe.
In this blog, we look at some of the biggest cyber security risks you should look out for.
Putting our faith in technology
Without the protections afforded to employees in the office, such as firewalls and blacklisted IP addresses, there is a much greater risk of cyber attacks.
This is exacerbated by the fact that employees’ jobs are much more reliant on technology. We communicate via instant message clients, video conferencing and emails, which are all subject to compromise.
Meanwhile, documents are in most circumstances saved and shared via the Cloud, meaning that organisations’ sensitive data is stored online. Even if employees password-protect those databases, the information is still vulnerable to attacks such as phishing, with cyber criminals looking to steal login credentials.
Access control
With a remote workforce, organisations have much less control over who can access sensitive information.
There are no physical controls, such as locks and passcodes, that could prevent unauthorised individuals from entering the premises. Instead, information and other devices are stored in people’s homes, and employers must trust that malicious parties won’t view the information.
This is a particular risk for senior employees who have highly classified information in paper or digital form. An opportunist criminal could sneak into their home office and grab important documents, potentially creating a disaster.
There’s also the risk of unintended breaches. Many types of information are subject to strict privacy rules, and should anyone else view it – whether it’s a family member, a friend or a visitor – it would be considered a data breach.
Likewise, many employees have used the newfound freedom of remote working to operate in public places, such as cafes or on public transport. This creates the possibility of people looking at their screens or paperwork and seeing classified information.
Personal devices
Employees often use their personal devices for work, whether that’s for convenience or because their organisation doesn’t have the resources to provide them with work computers or phones.
These blurred lines between personal and professional life increase the risk of sensitive information falling into an insecure environment.
There’s nothing your IT team can do to protect you from this, which is causing major headaches. Indeed, according to CISO’s Benchmark Report 2020,, 52% of respondents said that mobile devices are a significant challenge when it comes to cyber security.
Workers are overcompensating
One of the biggest criticisms of remote work is the belief that employees will spend less time working. However, research suggests that the opposite is in fact true. An Office of National Statistics study found that remote employees worked five hours a week more on average than those who worked in the office.
They also did six hours of unpaid overtime on average per week, compared to 3.6 hours for those who never work from home.
This is likely the result of home workers either overcompensating for the flexibility afforded to them, or their temptation to put in a few extra hours in their spare time given the accessibility of the work environment.
As admirable as it is to put in those extra hours, it makes people susceptible to mistakes. After a long, productive day, it’s so easy to make one critical mistake.
A Society of Human Resources Management study found that 35% of employees reported feeling tired or having little energy while working from home. This should be a major concern for organisations, because tired or unmotivated employees are liable to make careless errors – whether that’s in the quality of their work or a poor decision that jeopardises the security of sensitive information.
It could be as basic as saving a document in the wrong location or not configuring the database you’ve been working on properly.
How to handle security incidents
No matter where your employees are based, organisations can’t always prevent data breaches. However, they can minimise the damage by responding quickly and in line with regulatory requirements.
The majority of the damage from a data breach comes after the initial incident, with a Ponemon Institute report finding that organisations that can contain a breach within 30 days save more than $1million (about £826,000) compared to those who take longer.
Getting the right advice early is crucial. With our Retained Data Breach Management Service you will get all the guidance you need.
Our specialist data breach consultants will help you identify the best way to mitigate the damage and how best to proceed.
This includes guidance on whether you need to report the incident under the GDPR or other data protection laws, how to decide if you need to inform the affected data subjects and how to minimise further damage to them and to your organisation.