scitech
The Worst Data Security Practices When Working Remotely
With approximately 44% of workers in Great Britain engaging in some form of remote or hybrid work, remote work is becoming increasingly common. With this in mind, experts at Kiteworks, a company that unifies, tracks, controls, and secures sensitive content communications with a Private Content Network, have highlighted remote work cybersecurity risks and how organisations can ensure data security and compliance when employees work remotely.
Image by Stefan Coders from Pixabay
Over-reliance on VPN’s
Tim Freestone, Chief Strategy and Marketing Officer at Kiteworks, comments:
“While using a reputable and up-to-date corporate Virtual Private Network (VPN) is generally an effective way to enhance network security for remote workers, over-reliance on VPNs can actually elevate the risk of security breaches. A VPN should be just one component of a comprehensive, multi-layered security strategy.
Relying solely on a VPN overlooks other vulnerabilities, such as weak passwords. It is essential to prevent employees from developing a false sense of security when using a VPN and to ensure they follow additional best practices, such as using strong, unique passwords, enabling multi-factor authentication, and regularly updating software and security protocols critical to protecting your organisation.”
Insecure Networks and Communication Channels
“Organisations with remote employees that rely on insecure networks and communication channels, such as SMS or emails over a public Wi-Fi network, are at increased risk of cyber threats. Implementing security measures to protect your communication and data sharing is essential in a remote work environment.
Using end-to-end encryption, password protected WiFi networks, and secure file sharing solutions can significantly protect your organisation from online threats. Equally key is highlighting to employees the importance of maintaining a clear boundary between personal and work communication to prevent accidental data leaks.”
Image by Buffik from Pixabay
Inadequate Data Access Controls
“Granting excessive permissions to remote employees or third parties can lead to unnecessary data access, increasing the risk of data breaches within your organisation. For organisations with remote workers, it is vital to regularly track and audit access policies to detect any unauthorised activities. Access to content like financial information, customer records, and personnel files should be strictly limited to authorised users based on their current roles and promptly updated when access is no longer required."
Physical Security
“Neglecting the risk of physical security threats with remote employees increases the risk of stolen equipment, which can lead to a data breach. Employees that work in public spaces, such as coffee shops or airport lounges, are particularly vulnerable to leaving devices unattended, exposing organisations to the loss of sensitive data, including personally identifiable information (PII).
Failure to encrypt hard drives and other storage devices further exacerbates this risk, as stolen devices can be easily accessed, exposing sensitive information stored to unauthorised access. To mitigate these threats, organisations should implement strict guidelines for remote work, including mandatory encryption of all devices like laptops, mobile phones, and tablet computers.”
Device Sharing with Friends and Family
“Using unprotected personal devices while working remotely presents a significant risk, particularly when these devices are shared with friends and family, as this can lead to the accidental exposure of sensitive data or the introduction of malware.
Allowing friends and family members to use a work device could also constitute a compliance violation of data protection regulations that your organisation must adhere to. Whenever possible, employees should avoid sharing their work devices with others.”
Image by Werner Moser from Pixabay
What are the security risks linked to remote work?
When employees work outside the office, there is limited oversight of how they handle data, increasing the risk of improper data handling or inadvertent exposure to others. Remote work environments also present greater opportunities for family members, visitors, or even strangers in public spaces shoulder-surfing and viewing sensitive data on a computer screen.
Expanded attack surfaces pose a significant cybersecurity risk for organisations when employees work remotely. Remote work increases the attack surfaces for organisations beyond the corporate network. Employees' home networks and personal devices each serve as potential entry points for cybercriminals seeking to launch cyberattacks.
Kiteworks’ Freestone shares some of the most effective prevention measures organisations can implement in order to reduce these remote work risks:
Implement Security Controls:
“Security controls need to be concrete and supported by clear policies and practices, which should be well communicated to staff. This includes requiring strong password policies, encouraging the use of reputable password manager software to store strong passwords and refraining from using duplicate passwords across sites.
Additionally, implementing multi-factor authentication (MFA), using encryption tools to protect sensitive data in transit and at rest, and opting for cloud-based file sharing to prevent data from being stored directly on employee devices.”
Strengthen Corporate Data Security Protection Programs:
“To ensure a consistent approach to security, organisations should invest in strengthening their corporate data security and protection training programs. These programs should include annual training focused specifically on remote work security practices to better equip employees to protect sensitive company data.”
Invest in Strong Vulnerability Management Processes:
“Organisations should establish effective processes to identify, assess, and remediate vulnerabilities. This can be done internally or with consultants, using a risk-based approach to prioritise the highest-risk vulnerabilities like unsupported software and unrestricted access to sensitive information that could be exploited by attackers. This approach helps reduce the attack surfaces that could be exploited and provides protection for critical IT assets.
Run Regular Software Updates:
“Regular software updates, including operating system updates and security patches are essential. These updates should be managed centrally by IT teams or clearly communicated as mandatory to employees. Outdated systems with unpatched security gaps are prime targets for cyber attackers. Similarly, migrate away from systems and applications that have been “EOL’d,” that a vendor no longer supports.”
Use Secure Wi-Fi networks:
“Organisations should set and communicate strict policies regarding the use of public or shared Wi-Fi networks, especially when handling sensitive data. Instead, employees should be encouraged to use secure, private Wi-Fi networks whenever possible. This includes ensuring their home Wi-Fi networks are properly secured with strong, unique passwords and up-to-date encryption standards, such as WPA3.”