There’s been a significant increase in the number of people working remotely in 2019, according to a special analysis done by FlexJobs and Global Workplace Analytics. In fact, 80% of U.S. workers say they would turn down a job that did not offer remote working capabilities. However, the rise in remote workforce arrangements also comes with an increased risk of data security incidents.
As far as data sharing and security, remote workers are defined as any employee who spends time outside of a company’s physical office space and maintains access to internal company resources and files accessed within the company’s infrastructure.
Where remote workers are at risk
Designed to mimic the office experience from a different location, remote employees have the ability to access corporate servers, customer data, email, databases, and the cloud all from their laptop or mobile device. Logging in to any of these networks without the company’s private internet connection increases the risk for that employee experiencing a data security incident and for information to be compromised.
Remote employees have the highest risk of being compromised whenever they are using public Wi-Fi. These “hotspots” are a type of network that allows any pedestrian or passerby to access Wi-Fi for free, usually without even signing in. These can include a network available at a coffee house, cafe, or restaurant chain or a publicly available hotspot at a transportation hub.
Logging in to any of these networks without the company’s private internet connection increases the risk for that employee experiencing a data security incident and for information to be compromised.”
The most popular way for remote employees to be compromised is through email. This is usually done by malicious actors gaining access to an employee’s email, then sending phishing emails to other users in their trusted network of contacts. A typical example is an email appearing to come from a CEO or another C-level executive asking for a favor, like purchasing gift cards or clicking on a link that can lead to a landing page to harvest user credentials.
Take these preventative measures
There are a few types of controls that employers and workers can use to help protect data when accessing company resources remotely. Installing and updating these programs will help strengthen the company’s network security to help prevent potential information leaks and breaches.
VPNs: Known as a Virtual Private Network, VPNs use “virtual” connections routed through the internet from the company’s private network or a third-party VPN service to the remote site or employee, protecting their browsing activity and any information that is shared. This is an excellent first step for a company setting up a remote employee arrangement.
2-Factor Authentication: A security process in which the worker provides two different authentication factors to verify themselves as they sign in to a company’s network remotely. It protects the worker’s log-in credentials, as well as the resources they can access.
Data Loss Protection: This software (also known as Data Loss Prevention) allows a network administrator to control what data workers can transfer and to whom. It helps prevent workers from sending sensitive or critical information outside of a company’s corporate network and serves as a strong stopgap for potential breaches or information leaks.
Advance Detection Mechanisms: There is software that uses machine learning and AI that can help detect attacks that use advanced malware or have persistent remote access. The software helps detect various patterns of behavior to alert network administrators accordingly. While more sophisticated, these mechanisms are becoming more common as malware becomes more complex.
While data security should be a top priority for employers, remote workers can take even more steps to do their part and protect their wireless connections, software, and hardware. Installing voluntary network equipment like company-issued firewalls helps add a layer of security if malicious activity is detected. They should also maintain regular communication and coordination with their company’s IT department and alert them of any suspicious software activity or behavior.
In addition to data breach prevention, companies should have a response plan in place should an incident occur. Companies must have succinct processes in place for what to do and who to call and alert of the incident, along with timing parameters. All employees, especially remote workers who might not have face time with senior leadership or IT, should be briefed on the plan and know what to do.
Douglas Brush is the vice president of Cyber Security Solutions at Special Counsel an Adecco company. He is a globally recognized expert in the field of cybersecurity, incident response, digital forensics, and information governance.