No matter the size, all companies are at risk from malicious threats, hackers, and organised crime. So securing staff devices to prevent them from being compromised (endpoint security) is essential.
Even if staff only work remotely occasionally, it is essential to design your IT security programme with remote devices in mind. A distributed workforce presents unique security challenges, and with the rise in remote working over the past few years, cybercrime has reached an all-time high.
In 2021, weekly cyberattacks on corporate networks were up 50% compared to 2020. And with the average data breach costing around $4.24 million, not investing in a robust endpoint security solution could have serious financial and reputational repercussions.
Remote equipment management platform Hofy runs through some of the key security challenges – and solutions – that come with remote working.
1. Increased digital information sharing
For remote teams, there is no option but to share information virtually. Email, instant messenger apps, cloud document sharing, video meetings, etc – all are susceptible to attack. In an analysis of 13 video chat applications, the US National Security Agency (NSA) reported that every single one had a security deficiency.
- Make sure staff password-protect all virtual meetings.
- Enrol employee devices onto a mobile device management (MDM) solution so you can monitor the security and mitigate risks by deploying security patches, software updates and ensuring baseline security controls are enabled.
2. Vulnerable networks
In an office, you can impose security protocols on their network to prevent external bodies from compromising them. This can include blacklisted IP addresses and firewalls.
However, on home broadband, public/coffee shop/airport WiFi networks, etc. you cannot impose the same measures. Many home WiFis are protected by factory-default passwords; some are not protected by passwords. Older encryption methods, such as Wired Equivalent Privacy (WEP) or WPS, are easily compromised.
Cyber criminals can also set up ’evil twin’ access points, which appear legitimate but allow the attackers access to sensitive data.
Similarly, public spaces – such as coffee shops and co-working spaces – often have limited security measures in place.
- Implement ‘Never trust, Always verify‘ security solutions. These solutions allow your organisation to continuously monitor and validate which users have access to applications and resources.
- Mandate that home workers routinely update their firmware/software.
- Incorporate encrypted disk drives into your security policy.
- Remain vigilant when connecting to any network.
3. Personal devices
Over half (55%) of employees claim to use their personal laptop or phone for work at least some of the time.
As with home or public networks, you cannot impose security measures on personal devices. And when asynchronous work is taking place away from offices, staff are more likely to download and use work-related apps, such as Slack, Zoom and Google Docs, onto personal devices. This can significantly increase the risk of sensitive information leaking into an insecure environment.
- Supply all workers with a company device which is configured with security measures and enrolled into a mobile device management (MDM) solution that can be managed remotely.
- Mandate that staff use only company devices for work wherever they are in the world. (Which may mean them travelling with more than one.)
- Ensure company devices are insured for all travel and remote use, as well as in the office.
4. Use of unauthorised applications
Staff may use external software not prescribed by your organisation for various reasons: they are more familiar with them, believe them to be faster, for example. But if security controls are not configured properly, cyber criminals may be able to access sensitive data.
Indeed, web application breaches make up 43% of all breaches and have doubled in frequency since 2019 (Verizon).
- Pre-install applications onto devices before delivering them to staff to reduce the likelihood of them downloading other apps.
- Create a list of approved applications with administrative oversight, and deploy tools that enforce the approved/not-approved list.
- Incorporate an efficient password policy based around an appropriate risk level.
- Utilise multi-factor authentication (MFA).
- Educate users around security awareness and leverage password managers.
5. Email phishing scams
Phishing scams have soared since the start of the pandemic. Using fraudulent domains to install malware and steal users’ information, stealing passwords to gain access to email accounts, etc.
70% of businesses have reported an increase in phishing attacks since early 2020. In April of that year, a time when most governments around the world had introduced home working orders, Google’s mail servers detected 18 million coronavirus-related malware and phishing emails per day.
- Staff training, tell them they must not ever:
- give away credit card or password information via email
- download attachments or click through email links from unverified sources
- store sensitive information on unverified websites.