Remote Working is Everyday Working
Remote working is any work that's done away from your physical office. This is often referred to as telecommuting or working from home. The benefits of remote working often centre around being able to achieve success in your daily tasks without the need to commute to an office each day.
Whilst varying levels of remote employment existed before the pandemic in 2020, many workforces were forced to quickly adapt to allow more workers to work from home when lockdown rules came into effect.
As well as fully remote workers, many businesses have staff who have flexible working environments, such as office workers who still want to ensure they have a traditional desk in the office to maintain personal connections with colleagues and meet with clients via the traditional office environment.
Flexible working has long also been everyday working for workers who may not have the capacity to work from home on a full-time basis. This includes; legal professionals, field sales, building contractors, editorial freelancers, photographers and more.
What are the Risks of Remote Working?
Cybercriminals typically prefer to target people who work in HR or finance departments, as their job involves opening and managing multiple 'office' documents and handling personal and financial data - often coming from a variety of sources - paychecks, invoices, CVs, application forms, etc.
With the continued rise in the number of contractors, casual workers and freelancers, cybercriminals are beginning to shift their focus away from these traditional areas and onto self-employed workers. Freelancers often will communicate with vast numbers of people they won't know personally (prospective new clients), they will regularly open new files from emails and share personal information in their inboxes (invoices, bank details, etc).
As many freelancers work on laptops, mobiles and tablets on the go, they can be using insecure networks - whether that's at home, in the local cafe, in a motorway service station - it all makes them the perfect target for cyber criminals.
Hover over these boxes to learn more about the Risks of Remote Working
Weak security or unsupported networks can leave the door open to threats like 'Ransomware', which allows a hacker to break into your network, encrypt your files, then demand payment before you can get them back.
According to cybersecurity ventures, some of the most vulnerable targets for hackers are social media accounts, bank details, personal mail and online stopping details.
Loss of Sensitive Data
When a cyber-attack takes place, more often than not the intention of the attack is to steal a business’s financial detail, customer financial details, sensitive personal data, customers’ or staff email addresses and login credentials client lists, IT infrastructure, IT services (for example the ability to accept online payments) or intellectual property.
Using public wi-fi network security is often non-existent or very poor.
One form of cyber-attack that often takes place through public wi-fi is a Man-in-the-Middle (MitM) attack. This is essentially a digital form of eavesdropping and the clues in the title, an invasion of privacy occurs when a computer connects to the internet. Hackers can intercept these transmissions and read the data if there are insufficient protections in the wi-fi network.
If you were in an environment with a group of people you didn’t know, you would be reluctant to leave your mobile phone unattended and unlocked, right? Regardless of the device and who owns that device, you should never leave a device unsecured when it is not in use.
If you are not using your device, it should always be locked in order to help protect the documents, client information or financial records that are on it.
With remote working one of the many challenges that freelancers, contractors and consultants face is being able to hold private calls and conversations. If you occasionally work from coffee shops or hotel restaurants and take work calls whilst you are there, have you ever considered what information you could be exposing whilst you have this call?
The more locations that an employee works from, the more vulnerable a business’s network becomes. If you are an organisation that is welcoming the hybrid model, it’s key that you run security scans for all devices and review all applications to ensure that they are safe.
Have your staff developed any bad habits whilst working remotely? Are these bad habits creating more risk for your organisation?
Andy: Editorial Freelancer
Andy is an editorial freelancer who offers copywriting services, has a home office and works remotely five days a week. Andy enjoys connecting with clients and supporting his local community at some of the local cafes most Friday afternoons.
Andy sends invoices, project plans and contact details of his clients via email without any encryption.
Andy uses his mobile phone and tablet that contain unsecured applications, personal accounts and files which hold personal data.
Andy often prefers to use his personal email account when replying to clients outside of his working hours.
Andy supports local coffee shops when having online meetings with clients - there he takes advantage of the unsecured public wi-fi network.
How can you stay secure?
Working from home can leave individuals and their businesses in a vulnerable position, making them bigger and more valuable targets to cybercriminals.
According to IBM Security's 'Cost of a Data Breach Report 2021', the average cost of a data breach for businesses with 81% (or more) of their workforce working remotely was $5.54m. With a recent rise in device and cloud service usage to perform work-related tasks, cybercriminals have capitalised on this increase, leaving more and more people victims of cybercrime.
Even though there are many ways a cybercriminal could take advantage of your remote working environment, there are many ways you can protect your workspace and mitigate your cyber risk.
Hover over these boxes to learn how you can mitigate your cyber risk
Anti-Virus & Firewalls
Ensuring firewalls are enabled is also another first step in protecting you against cyber-criminal activities. A firewall works by blocking or filtering network traffic, to ensure your devices are protected against malicious software. A firewall will only allow sources that meet particular criteria set in the firewall settings and restrict access to anything that does not meet these requirements. Similarly to anti-virus software, firewalls may already be readily available on your device, yet there are other options available that offer different security and protection levels.
Backup your Files & Devices
Ensure you perform regular backups of your devices and data, and keep these in an isolated, secure location. Conducting routine backups will also allow you and your business to continue operating and avoid downtime in the event of a cyber-attack or data breach.
Keeping your login credentials secure and complex is a great way to ensure your accounts are protected. Cyber security experts now recommend replacing passwords with passphrases as they’re easier to remember and more secure.
A passphrase is a series of random words with no relation to one another, and including a number and punctuation will only increase its security levels:
‘Storm length month coal 7!’
Cyber Security Training
80% of cyber breaches are a result of human error.
It is imperative to ensure you are regularly implementing cyber security best practices and are aware of current cybercriminal trends in order to mitigate your risk.
Cyber Essentials certification is a government-backed scheme that was created to help demonstrate businesses have the appropriate levels of security in place.
Cyber Essentials works by evaluating a company’s technology defences to determine the current vulnerabilities and risk level. Once these risks are identified and managed, the company will be awarded the Cyber Essentials certification.
Andy: Editorial Freelancer
To keep Andy's clients and his business safe, Andy should...
When providing invoices, project plans and other sensitive information, Andy should send via a secured transfer service or an encrypted email account.
It's important for Andy to use only his work devices for contacting clients remember to uninstall any unsecured apps.
Whenever Andy is in a public place and needs an internet connection, he should use a personal VPN or, failing that, use his 4G hotspot when communicating with clients.
How can you stay secure in the Office? We've put together a handy guide which includes guidance on upgrading your Cloud Security, implementing Working from Home Policies and arranging Cyber Awareness Training for your team.
A Simulated Phishing Exercise can help to raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats. Training your employees so they know what a phishing attack looks like, means they are more likely to identify and report scams.