As the pandemic led employees to work-from-home, the cyber threats facing businesses and their employees have rapidly grown. According to the U.S. Census Bureau, the number of people working from home tripled to 27 million from 2019 to 2021. With that rise, the number of entry points enabling cyberattackers to access proprietary company data has increased as well. Companies that previously only secured their office equipment are now vulnerable to a host of new threats targeting their remote employees working on personal devices and home or public networks.
Remote employees use personal devices on home or public networks for work every day for everything from reading emails to composing documents. Many workers likely don’t recognize the risks involved in doing so. Personal devices often have little to no protection, and employers typically lack insight into which personal devices their remote employees use for company business, meaning they have no way of ensuring those devices are secured. Organizations are only as strong as their weakest link, so if its personal devices, and home or public networks employees work on are not protected, cybercriminals can much more easily breach sensitive company data.
Remote employees are vulnerable to a number of serious threats—from phishing attacks that can lead to victims giving away passwords and other sensitive information, or to malware gaining access to devices and employees’ networks. Phishing attacks are a particularly notable threat, having increased massively in 2021, a trend that has continued into 2022.
Unsecured Wi-Fi networks are also a common path of attack by cybercriminals. Because people can work from anywhere there’s Wi-Fi, workers are frequently exposed to trackers, rogue networks, and Wi-Fi sniffing.
As the threat to companies rises with the increasing trend toward remote work, the responsibility for protecting company data falls to both the employee and the employer.
First, employees should secure their home networks and ensure they are using the latest cybersecurity protections, like antivirus software and VPNs. They should always remain vigilant of suspicious emails, requests, links and unusual email addresses, all of which are common signs of a phishing attempt.
Remote employees should adopt antivirus solutions that utilize endpoint detection and response (EDR), a methodology that can protect against external threats like malware and phishing. EDR tools provide home users with the most advanced cybersecurity capabilities available, combining data with behavioral analysis to detect threats.
When it comes to protecting employee networks, deploy a virtual private network (VPN). A VPN delivers a secure connection to a network, allowing users to confidentially and securely browse the internet from anywhere.
Remote workers should also upgrade their home network to the latest Wi-Fi 6 and 802.11ax. Wi-Fi 6 technology supports the Wi-Fi Protected Access 3 (WPA3) security protocol, which was announced in 2018 as a replacement for WPA2 because it has stronger user authentication capabilities and better encryption tools than the older standard.
Employees should also stay aware of signs of malicious activity. They should watch for unusual emails with strange URLs or files, and stay wary of social engineering attempts through social networks, which frequently trick unsuspecting users into giving away their passwords or answers to security questions. In addition, employees should pay attention to the operation of their computer. For example, if it’s suddenly unusually slow, or if there’s a sudden lack of disk space, it's potentially a malware attack.
Furthermore, employers have a responsibility to ensure that their remote employees aren’t vulnerable to cyberattacks that endanger company data. By offering their employees cybersecurity training and equipping them with the tools they need to protect themselves, employers can ensure that their data is safer from potential malicious activity.
Toward this end, companies need to train their employees to identify potential cyberattacks and take important and simple steps to prevent them, such as using a password manager and multi-factor authentication. They must ensure their employees’ devices are equipped with EDR tools and a VPN to mitigate the risk of cyberattacks and enable employees to securely work from anywhere.
Of course, there’s no such thing as 100% effective protection, so companies should regularly back up their important data. They also need to consider adopting cyber insurance to cover their losses if and when cyberattacks do take place.
With more people than ever working remotely, unsecured personal devices and remote Wi-Fi networks represent serious security risks—not only to individuals, but also to their companies. In today’s world, vulnerabilities at home are vulnerabilities at work. Companies and their employees must stay aware of these vulnerabilities and take immediate steps to address them.
Kobi Kalif, chief executive officer, ReasonLabs