17 Aug 2021 • 10 min read
17 Aug 2021 • 10 min read
The Covid-19 pandemic led companies across the globe to adopt remote working. While a few companies had been working remotely even before the pandemic, the world of remote working is relatively new to most.
Given the suddenness of the situation, companies didn’t get the chance to prepare for what was coming. Unfortunately, this led to companies being exposed to some of the darker sides of remote work. One of these is the multitude of opportunities for data breaches.
Even though companies have been working remotely for quite a few months by now, data security practices aren’t well implemented. According to a survey of more than 200 executives by Malwarebytes, 20% of the respondents said that they faced a security breach as a result of a remote worker.
The number may be small, but when scaled to millions of remote employees across the globe, data security becomes a major point of concern. You may feel that these attacks are rare and your data is secure, but this is probably not the case. In just the first six months of 2021, we have had 6 major data breaches at an enterprise level!
In the below sections, we have highlighted how your data is at risk and how you can stay secure.
The short answer to this question is ‘Yes, it is’. The following points should give you a better idea of how and why.
Remote employees are most at the risk of phishing schemes. Through simple, harmless seeming clicks, your data may be obtained by cybercriminals and hackers. These criminals lure individuals to give up sensitive data such as login credentials and credit card numbers.
Often, it’s not at all difficult to get the email IDs of employees of any organization, and this can prove to be a major threat. Attackers can easily pose as a trusted entity and dupe your employees into giving up data.
Accept it, most of your accounts use the same password. Given how tough it can be to memorize various passwords, this makes sense. However, this makes it very easy for hackers to trace your passwords and access your data. Birthdates, parts of your name, etc. are terrible password ideas.
Now, a lot of websites impose restrictions on your passwords while setting up an account, but it’s still difficult to keep track.
If your device or wifi network is shared, then you’re directly putting yourself at risk. Working at cyber cafes, etc. means that you’d be exposing your data to other users. Shared wifi networks make it easy to trace data. Without a good firewall, you are at a potential security risk.
Apart from this, data on your smartphone and other devices is probably not encrypted. You may also be using shared printers, scanners, etc. which can put you at risk.
When you are sharing files from one user to another, it might be left un-encrypted. Employees share sensitive data such as files, client information, etc. This information can be accessed by a hacker with ease when in transit. Companies can’t afford to not encrypt this data.
Loss of files due to errors and negligence could also set you back quite a bit and needs to be protected against.
Remote work offers you the pleasure of not being restricted to any one location. While on one hand this lets you travel and work from anywhere, on the other hand it puts you at risk of physical attacks.
When working in a cafe, for example, anyone could be snooping over your shoulder and stealing information. Expensive devices are an easy bait for thieves and your data and device could both be lost besides putting you in physical danger.
Data loss is often due to employee negligence. This is something that you’d be better safe than sorry for. At the company level, policies can be implemented stating strict rules around data security.
Security protocols such as making sure that only personal wifi is used can and should be implemented. Employees are naturally more inclined to keep their stuff and data secure if it’s in the rules.
If you’re a SaaS business, it is also advisable to get your business SOC certified so that even your customers are assured that their data is safe with you.
Remote workers should consciously avoid using public wifi when outside. Using personal hotspots is a much safer option. Although the website traffic between the hotspot and its destination is unencrypted, at least you can’t get hacked by other people on the same wifi network.
Data plans from most mobile carriers are available at a reasonable price and it's best to make sure you have an active plan in the event of emergencies.
Following up on the above point, a VPN can be your most important solution to data protection. It may be a good idea to make it a must for employees to connect over VPNs as they act as firewalls against threats. This is because the data is then encrypted, safeguarding it. The end-user as well as corporations are secured.
Multi-Factor Authentication(MFA) is another great way to secure accounts when working remotely. It requires users to provide two or more verification factors to confirm users' identity in addition to username and password pairs when accessing accounts or apps. For example, this could mean completing a CAPTCHA test, inputting a temporary code, or identifying a fingerprint. Only after these authentications can users get access to their accounts.
Firms can get industry standard password protection services to avoid hackers easily accessing their data. Given that it’s not easy to remember passwords either, firms can also invest in a good password manager.
Cyber security tools can help you where your own protection falls short. A good antivirus software and firewall are basic needs of any individual working online and these should be installed in all your systems before even logging into any account.
When working remotely, it can get very tempting to use the same device for all purposes. However, you may have a dedicated work computer provided by your employer. In most cases, the IT team would be constantly installing new updates to your device and adding settings to secure your data from breaches. Strictly make use of only your work computer for work purposes.
Not only devices, accounts and apps also should not be mixed. Do not log in to a work call from your personal Zoom account. Try to also use only paid accounts for added security.
Losing data due to devices which fail you is not uncommon. Always make sure that your files are all backed up. Encryption of the data is also very important.
Might sound obvious, but just how many of the files you share with colleagues over mails, etc. are encrypted? As mentioned above, when in transit, your data is at risk. You can make use of software that makes it easier to ensure data security. For example, Dropbox has made their products particularly suited for distributed teams.
As far as physical security is concerned, the best move is to avoid areas where you could be at risk of any attacks. Also make sure that you aren't exposing your data directly to passers by if you are at a public place. In the event something happens, it’s best to have insurance covering your device. At home, too, you may face minor incidents that could damage your data. Home insurance while working remotely could be your solution then.
WFH (work from home) has become a new normal for employers and employees all over the world, which puts credential data of organizations as well as individuals at great risk. Except for the above-mentioned methods to secure your information while working remotely, a holistic bot management system would also be a helpful countermeasure, as nowadays up to 25.6% of all web traffic is contributed by automated bad bots. GeeTest’s leading AI-powered bot mitigation/management solution provides device, identity, and behavior authentication solutions to secure your business when working remotely(device and identity authentications are currently only available in mainland China). If your business is struggling with bot attacks or fraud, try our solutions.
Co-founder & CTO at Remote Tools
Subscribe to our newsletter