Now in its third year, the COVID-19 pandemic has forever changed how and where we work. Working remotely has proven to be more than a temporary workaround. For many, it’s become a permanent way to work and conduct business, even a new way of life. Over 4.7 million Americans now work on a remote basis at least 50% of the time.
According to Owl Labs, a video conferencing product manufacturer, 2021 was the year that the world stayed remote. It’s no surprise that a virtual work style has created opportunities and distinct advantages for businesses and employees. It’s also generated new cybersecurity risks. A Mercer study reveals that 70% of companies surveyed are implementing hybrid and fully remote work to adapt to new marketplace needs.
Remote Work and Cybersecurity Risks
While remote work has grown largely from pandemic business recovery efforts, it has also increased the potential for cybersecurity breaches. A data breach or cyberattack can have devastating consequences on a business and its employees. This is a pervasive, ongoing threat to data networks. Yet, remote teams often are not trained or equipped to prevent cyberattacks or to recognize suspicious behavior behind them. This is especially true for employees and vendors located across the country or around the world.
Security Risks From Tools and Remote Connections
The risk of a data breach severely changes when employees work virtually. New risks emerge when they use their personal equipment such as PCs, routers, and hand-held devices. Even if antivirus or anti-malware software is used, those devices could be infected with ransomware and other cybersecurity risks.
Another significant remote work risk is accessing or sending data with public internet connections when connecting to company systems or storage resources. If the data is not secure, third parties can tap into the unsecured connection and confiscate confidential business, consumer, or industry information.
Remote work requires employees to adopt a broader set of tools, which increases opportunities for cyberattacks. Remote workers could also unknowingly deploy applications like RDP and VPN clients, creating new potential security vulnerabilities.
The average total cost of a ransomware breach is a staggering $4.62M compared to $4.24M for the average data breach. IBM’s 2021 Cost of a Data Breach Survey shows that remediation costs have increased by 10%, although data recovery is never guaranteed.
Identifying Hackers and Cybercriminals
Cybersecurity attacks happen every day, all over the world. They are not limited to select regions or countries. Hackers and cybercriminals target businesses of all sizes, not only corporations and institutions. APTs or Advanced Persistent Threats are considered the most treacherous attacks.
Hackers and cybercriminals pose different threat levels since they don’t have the same purpose. Cybercriminals subvert data networks with malicious intent. Hackers look for ingenious ways to infiltrate a system whether the purpose is good or bad. But both can create disastrous outcomes.
Compromised data can result in lost revenue, high costs to recover data, and loss of brand reputation. In select industries like disaster management and healthcare, a data breach can even result in loss of life.
Remote Teams Need Written Cybersecurity Policies
With the ever-increasing data security risks, businesses need written cybersecurity policies for remote workers. The most important reason to have these policies is to prevent loss before it happens. Vulnerable data could include payroll documents, identification records, and confidential institutional information.
Employers need to pay extra attention to policies and expectations related to securing the technology their remote workforce uses. The COVID-19 pandemic provides many opportunities for cybercriminals to exploit unsecured technology systems, overworked information technology (IT) staff, and panicked employees adjusting to working from home.
“In the course of developing communications to employees, examine existing policies closely, such as confidentiality, information security, business continuity, BYOD,” said Joseph Lazzarotti, an attorney with the firm of Jackson Lewis. “If companies have specific requests, for example, if they don’t want employees working on public Wi-Fi, then that should be stated in the policy.”
What Should Be in a Remote Cybersecurity Policy?
While a remote workforce policy will vary based on the size and type of business, here are some key points it should address:
- Whom the remote policy covers and when it applies
- Physical and remote device security
- Network connectivity, including VPN access
- Standardized hardware and software, including firewalls and antivirus/antimalware programs
- Login credentials and data security
- Acceptable use of devices and information
- Data and network encryption standards
- Communication tools such as email, instant messaging, video conferencing
- How to stop a suspected breach or report suspicious behavior
- Compliance with policies, safety measures
Keep Cybersecurity Policies Current
Before creating or updating cybersecurity policies, organizations should review current policies for security guidelines about remote work. If none exist, they should establish basic guidelines for remote access to company information systems and employees using personal devices for company business.
Managers should make sure that security guidelines, plans, and policies include remote and onsite teams. Most employees do not work in cybersecurity, and some may have never worked virtually. But companies should review plans to ensure that everyone, regardless of work location, can effectively respond to a data breach or security incident.
Gregory Abrams, an attorney with Faegre Drinker in Chicago, says, “Employers must be ready to adjust quickly as circumstances change,” noting that new Department of Labor guidelines could affect remote work. For legal protection, policies should note that cybersecurity guidelines are subject to change, given the current business climate.
Secure Communication and Collaboration
For many employees, a laptop and a Wi-Fi connection might not be enough to stay connected with their team and be productive. Creating policies to ensure secure collaboration and communication processes is key to supporting remote teams since they don’t have the advantage of onsite resources.
Consider what types of communication tools work best in situations like manager one-on-ones, team meetings, or employee learning and development activities. Communication frequency between employees and their managers should be outlined in the policy, including what communication channels can securely be used.
Security Policies Protect You and Your Business
The flexibility and convenience of working remotely have created new opportunities as well as increased risk. Every organization needs a comprehensive cybersecurity policy for remote staff that includes clear risk mitigation instructions. In today’s evolving business landscape, this is an important way to protect business data at home, onsite or on the road, as well as the company’s future.
How Essential Data Corporation Can Help
Whether you need a team of consultants to produce a complete line of documentation or a single technical writer for a brief project, Essential Data’s Engagement Manager will lead the project from start to finish.
By Liz Eastlake