The Top 5 Challenges Of Securing Remote Work

Uploaded on 2022-12-05 in TECHNOLOGY--Resilience, FREE TO VIEW

This time last year, we might not have imagined we’d still need to accommodate so many remote workers in our security plans for 2023. Any assumptions that we’d have returned more or less to ‘normal’ have been shattered.

Not only have organisations recognised the benefits to be gained from remote working, but it has become a privilege that employees expect.

Increased remote working has expanded the attack surface, bringing with it endpoint sprawl. Employees are accessing networks, systems and data from diverse devices in multiple locations, and cyber-attackers will keep targeting them as access points, hoping to catch them with their guard down.

In parallel, we’re likely to see a near complete decentralisation of IT capability in 2023. The more people work away from the office, the less they’ll want to lean on IT to get tasks completed. Less contact with IT will erode the visibility and control teams once had over enterprise systems and their users. 

According to research carried out in the summer by Apricorn, more than 60% of UK IT decision makers expect their remote workers will expose the organisation to a data breach. Almost 30% believe this has already happened - with remote workers having knowingly put corporate data at risk in the last year. The respondents cited phishing and user error as the main causes of breaches in their organisation.

The same survey questioned IT leaders on their biggest challenges when implementing a cybersecurity plan for mobile and remote working. The following five came out on top. 

1.    The complexity of managing the technology that employees need and use – cited by 42% of respondents.

2.    A lack of awareness among employees of the risks to data when working out of the office (38%). 

3.    Lack of confidence in security measures – with one third (32%) admitting that they cannot be certain their data has been adequately secured.

4.    Employees who are aware of the risks of remote working will still lose data and expose the organisation to a breach (31%). 

5.    Complying with legislation – with 29% saying that mobile or remote working makes it harder to comply with GDPR. 

There are three straightforward steps organisations can take to help address these obstacles in their cybersecurity plans for the coming year, all focusing on the endpoint - that potential entry ‘door’ attackers exploit to gain access to data and systems.

Mitigating The Human Risk

Whether intentional or not, employees’ actions – or inactions – are frequently to blame. Ongoing education has a critical part to play in plugging the awareness gap, by engaging remote working employees in remaining vigilant and following security policy at all times. 

As well as cybersecurity best practice, they should understand the specific threats and risks to the organisation, and the consequences of mishandling data and devices when out of the office. This will help to make sure people genuinely want to ‘do the right thing’. A set of ever-evolving policies that clearly lay out what ‘the right thing’ is, detailing security procedures and how to follow them, is essential.

Wherever possible, policy should be enforced and automated in technology, to remove the decision from the end user; for example locking USB ports to only accept approved storage devices. 

Encrypt All Data & Back It Up Offline

Mandating the encryption of data as standard, on the move and at rest, will address the issue of technical complexity, as well as assuage any doubts about how secure information is. The approach is also specifically recommended in Article 32 of GDPR as a way of safeguarding personal data.

Encrypting data ensures it remains fully protected: even if a remote worker leaves a device containing in a café or an Uber, the data will be unreadable to anyone without the decryption key.

Additionally, employees should be required to make offline local backups of the data they create and handle. This will protect information, and provide the best chance of restoring it in the event of a ransomware attack or technical failure, for instance.

Storing data on an encrypted removable hard drive or USB is a practical way of doing this. These devices can be disconnected from the network to create an ‘air gap’ between information and threat. They also give remote workers a way to move information around safely offline.

When employees are working away from the office, they need unhindered access to systems, applications and confidential data. Embracing this means accepting that they’ll expose the organisation to risk. The answer to overcoming the security challenges of a remote working environment is not to scrutinise or limit what employees do; this will only stifle productivity and frustrate people. Instead, organisations should take a strategic and proactive approach that devolves some responsibility for ensuring the integrity of information onto individuals, while applying encryption to build a last line of defence.

Jon Fielding is Managing Director EMEA of Apricorn

You Might Also Read: 

No Slack In The System:

 

« Trump Turns Down Twitter
Cybersecurity Risk Management In The Real World »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

AtkinsRéalis

AtkinsRéalis

AtkinsRealis is a market-leading design, engineering and project management consultancy operating in fields ranging from infrastructure, through energy and transport to cybersecurity.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

Cyber Senate

Cyber Senate

Cyber Senate is dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

Swascan

Swascan

Swascan is the first all-in-one, GDPR Compliant, Cloud Security Suite Platform. GDPR Assessment, Web Application Scan, Network Scan, Code Review.

CyCraft Technology Corp

CyCraft Technology Corp

CyCraft is an AI company that forges the future of cybersecurity resilience through autonomous systems and human-AI collaboration.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

PT Prima Cyber Solusi

PT Prima Cyber Solusi

PT Prima Cyber Solusi is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Cyber Readiness Institute (CRI)

Cyber Readiness Institute (CRI)

At the Cyber Readiness Institute, our mission is simple: empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.