Blog: 5 Ways Remote Work is Putting your Company at Risk
5 minute read
June 24, 2020
Since COVID-19 forced many teams to start working remotely earlier this year, companies have started to seriously reconsider their attitudes to remote work. Just recently, 74% of CFOs said that they planned to shift some of their employees to remote work permanently.
While you’ve probably heard a lot about the benefits of this switch, like increased productivity, less geographical boundaries, time saving, and environmental impact, if done incorrectly remote work can be catastrophic from a cybersecurity perspective.
Even before remote work, IBM's CEO proclaimed cybercrime the “greatest threat to every company in the world,” projected to cost the world $6 trillion annually by 2021. The average cost to a business in the US after a data breach in 2019 was $8.19 million according to the Ponemon Institute, with healthcare breaches being the most expensive. These costs are much more than the direct financial loss from the breach; you have to take into account all the associated losses such as lost customers, legal fees and cleanup costs as well. And since the pandemic, the risks have only increased, with the FBI reporting that online crimes have quadrupled, and the UN warning of a 600% increase in malicious emails. It’s no surprise that over 76% of CEOs claim they are consistently losing sleep over the fear of becoming the next headline-grabbing security breach.
Remote work poses some significant risks to companies, and people aren’t talking about them. Let’s go through five common areas of vulnerability for your business and how to address them.
1. Your employee networks are insecure
There are two common misconceptions when it comes to home networks:
- You think your network is too small to be at risk of cyberattack
- You think your devices are “secure enough” out of the box
The fact of the matter is, attacks can and do occur on any network, and home networks are riddled with vulnerabilities. For example, Internet of Things or IoT devices, like smart speakers, security cameras, or internet connected doorbells or thermostats are growing in popularity. These devices often use a protocol called Universal Plug and Play, which opens ports in a network that hackers can exploit. As an employer, you have no visibility or control over these ports, like you would with your corporate network.
Tom’s guide put together a pretty good resource for improving your home security, but the only real way to be sure you or your employees aren’t compromising company data is through a penetration test, which is an authorized simulated cyberattack performed to evaluate the security of a system. This gets more complicated when dealing with a distributed workforce, because you have to account for all your employee’s networks, which is where a service like Intellectmap would come in.
2. Your employees aren’t prepared for cyberthreat
While it’s easy to pour money into securing your network, your cybersecurity is only as strong as its weakest link, which is normally your employees. In one study, human error was revealed to be the cause of a staggering 90% of corporate data breaches. While human error was probably your biggest weakness long before switching to remote work, COVID has brought about a 667% increase in phishing attacks, a common social engineering tactic where an attacker poses to be a trustworthy entity to trick victims into giving them sensitive data.
If your employees aren’t prepared to handle cyber attacks, it’s really only a matter of time until a slip up will lead to a major breach. The only way to effectively address this risk is through a thorough employee cybersecurity awareness training program, like Intellectmap’s.
3. You aren’t efficiently detecting threats
You might think that if you suffer a data breach, you’ll know immediately, but the average time to detect a breach is actually 206 days. The earlier you can detect and address a breach, the less damage is done to your company. In an IBM study, companies who were able to detect and contain a breach in less than 200 days spent on average $1.2 million less on the total cost.
You can address this issue in two ways. One way to help detect cyber threat is ensuring that you have good antivirus, antimalware and antispyware software, and that it’s up to date. This is helpful, but hard to ensure, since you’re dealing with potentially thousands of different devices, and nearly 50% of Americans don’t even use antivirus software.
Another way to detect a breach
is through analyzing and interpreting logs, which are records that are automatically generated by various technologies such as networking devices, operating systems and applications. Though manually analyzing the logs of all your employees is almost impossible, artificial intelligence has reached a point where algorithms like Intellectmap’s AI Log Analysis tool can quickly and effectively do the job for you. That being said, it’s still important to have a cybersecurity professional who can properly interpret the findings.
4. You’re sharing sensitive information over email
Email is notorious for being a vulnerability for companies, and not just because over 90% of malware is delivered via email. Unfortunately, shifting to remote work has resulted in an increased reliance on email for sharing information, with many employees using their personal email addresses for work matters.
Emails have a huge red target on them for hackers. Not only is email the most common form of web communication, it’s also the unique identifier for many online logins. To give you an idea of why it’s so attractive to hackers, think of how many password recovery links are sent to an email. If a hacker can break into your email, they now can have access to countless other accounts that are associated with it.
One way to help mitigate this risk is ensuring that your employees aren’t using their personal emails for work purposes. Personal emails aren’t covered by the same security policies as corporate networks, and when an employee uses their personal email, your IT department can no longer retain the same control and visibility. Using a corporate email can help, but it doesn’t eliminate the risk, as hackers can still break into your corporate email using different attacks such as keylogging or phishing.
Following these tips can help protect you from email hack, but in case your email does get hacked, you still want to minimize the damage by making sure that attackers can’t access any sensitive data. A great way to do this is by keeping sensitive data off email, or encrypting your email attachments with a passphrase using a service like Intellectmap’s SecureEmail, and then telling the recipient the passphrase over the phone.
5. You don’t have a secure file sharing service
Intellectual property theft costs US companies as much as $600 billion annually according to the Theft of Intellectual Property Commission. While encrypting your email attachments will certainly help protect your data, you’ll probably want to invest in a good cloud-based file sharing service for a more robust solution. If you don’t already have one, odds are your employees are using a personal one like a free Dropbox or Google Drive account to store company data. Just like with email, personal file sharing accounts are risky because you don’t have visibility into them and often they don’t have the same security settings like multi-factor authentication, stronger encryption, and password requirements that company platforms can enforce.
When selecting a cloud sharing platform, look into file safety during transfers, software bugs, and privacy of the cloud itself. While the big players like Google Drive do a great job with file safety during the transfers, bigger companies have more moving parts, and a slip up from one of their employees could result in a breach of your data. Plus, since they are well known, they are more likely to be used in phishing scams or targeted by hackers. While going with a major player is definitely better than none at all, you might want to consider smaller, more specialized cybersecurity services for file sharing, like Intellectmap’s secure portal.
Protect your remote workers with Guardian Angel
Intellectmap has been providing secure AI-based solutions to companies for over 15 years. Their service, Guardian Angel, was created with remote workers in mind. This solution addresses common cyberthreats for remote workers with services like:
- Penetration testing for all your employee’s systems to identify and mitigate their network’s vulnerabilities
- AI Powered cybersecurity awareness training that uses AI to identify the preparedness gaps in your employees and then provides personalized coaching that addresses their unique vulnerabilities.
- AI Log analysis for your employee networks, complete with smart alerts and expert review for suspicious activity
- A SecureEmail service protects email attachments and processes electronic signatures and approvals with military grade encryption.
- A secure online portal that allows users to share and collaborate on documents, track tasks, manage vendor and employee relationships and more with military-grade encryption.
Intellectmap combines a patented AI technology with a team of experts to provide a full solution to your cybersecurity needs. If you are interested in speaking to a consultant, sign up for a free consultation.
By: Catherine Sorensen
Back to Resources