Why A Remote Work Business Model Can Be Risky
The COVID-19 pandemic forced many employees to take their work (and their security risks) home with them. Three years later, many businesses have adopted the work-from-home model as standard for new and existing employees. While this shift has been beneficial in many ways, it also brings inherent risks that must be addressed.
Benefits of Remote Work
There are quite a few benefits to the work-from-home (WFH) model for both employers and employees. For starters, productivity has been proven to increase when workers are logging on from an environment they find more comfortable. A Stanford study showed that productivity increased by as much as 13% for employees working remotely. Workers felt they could accomplish more, and on a faster timeline, with the increased flexibility. Employees spend less money overall on travel expenses, whether that be gas or public transportation to and from work. Workers also report an increase in job satisfaction when they work remotely.
Remote work doesn’t only benefit workers, but also the companies they work for. Obviously, employers receive better quality work when their employees are happier and more productive overall, but businesses also save money on real estate and having to maintain one or more office spaces. With the tangible benefits that both workers and companies are feeling, it’s no wonder that there is such a huge transition to remote or hybrid work.
What Are The Risks?
While working from home may be appealing for many companies, it’s important to see the security risks that come with employees working abroad. All the same threats and vulnerabilities that exist within your office are only compounded as dozens of employees log on and access work data from insecure locations and network environments.
When your employees work in the office they are most likely connecting to some sort of protected network that includes firewalls, email filters, and other security protocols to protect them from external threats. Your workers are also much more vulnerable to social engineering when they are home rather than in the office. They may not click on a phishing link sent to their work email, but there’s no guarantee they’ll inspect their personal emails as closely. Additionally, other members of their household may not take the same security precautions, opening the entire network to attack.
A Lesson from LastPass
In August of 2022, LastPass, the popular password manager application, was the victim of a data breach that originated from within its development environment. At the time, LastPass claimed that only pieces of its source code had been stolen and nothing else.
In December of 2022 we would find out this wasn’t the case. LastPass revealed that the attackers had gotten more than just source code from the August breach and had made off with basic customer information, including end-user names, billing addresses, phone numbers, email addresses, and IP addresses that were used to access the application. This breach put a large amount of customer data at risk, while also hurting the trust LastPass had garnered as one of the world’s largest password managers.
It has recently been revealed that LastPass was breached via a senior engineer’s home computer. The attacks targeted a top-level engineer who had the clearance and authentication to access the cloud and development environment of LastPass. Using what LastPass described as a “third-party media software”, the attackers were able to install malware on the engineer’s home computer. From there they used keyloggers to gain the necessary login credentials to breach the company.
What can businesses learn from LastPass? First, it’s important to understand that if this can happen to the world’s largest password manager, then it can happen to anyone. As mentioned above, working from home comes with inherent risks that at some level are unavoidable. This increases the responsibility of individual workers to take their personal security as seriously as their work security.
What Should You Do?
What steps can you and your business take to reduce the risks of working from home? There are multiple practical and easy steps as well as more technical ones that will create a more secure remote environment for your workers.
Two of the easiest steps you can take to secure your remote environment are to practice good password hygiene and to implement MFA on all of your accounts. Your passwords should be unique to each of your accounts, be complex 10-character passwords, and not include any personal information. You should also implement MFA on every application that allows it. Multi-factor authentication adds an extra layer of authentication to reduce the risk of someone using stolen login credentials on your accounts.
Every business should provide access to a VDI or VPN for their workers to connect to while they are remote. This creates a more secure network for users to connect to so that they aren’t relying on their home networks to ward off threats. Your organization can better implement firewalls and email filters on a VDI than by requiring your workers to set these up on their own.
These are just a few steps your organization should take to reduce the risk of your workers becoming external threats themselves. Your workers can enjoy the increased productivity of remote work, while you feel safer and more secure.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.
