The prevalence of remote work, which grew substantially during the pandemic, is obviously not going away. In 2024, 65% of companies offer remote work arrangements. This includes hybrid work—some hours at the company and some remotely. It’s well established that employees prefer to have remote work options, with 66% believing it should be a legal right. So, if the nature of your business permits remote work arrangements and you’re on board, it’s imperative to address cybersecurity concerns.
Recognize the threats
Don’t be an ostrich when it comes to the potential for being victimized by a cyber breach, especially if you have remote workers. According to the Hiscox Cyber Readiness Report 2023, cyber attacks cost U.S. small businesses more than $8,000 per business annually. Other sobering statistics:
- U.S. small businesses paid over $16,000 in ransoms over the past 12 months. Of those that paid ransoms, only half recovered all their data and half were forced to rebuild systems. And 27% of small businesses that paid ransoms were attacked.
- The most common points of entry were phishing (53%), unpatched servers/VPN (38%), and credential theft (29%).
These statistics don’t distinguish between breaches occurring at an office or remotely. But it’s safe to assume that breaches occur at or through the home offices of remote employees. The threats include:
- External threats. Malware that corrupts data stored on a company’s hardware, and ransomware that locks up data until a ransom is paid, can reach company hardware if remote workers can access or link to it. This can happen due to accidents or poor cybersecurity practices on the part of remote workers. Identity theft is another problem that can happen when employee/customer information is obtained through remote workers’ personal devices that are linked to company data.
- Internal threats. Unhappy employees can do a variety of malicious, and sometimes illegal, things to express their feelings. This can be stealing sensitive information, embezzling funds, or purposefully screwing up company data to which they have remote access.
Set guidelines for security
Because of the varied and extensive cybersecurity risks posed by all employees, but especially remote workers who may use personal devices on company business, it’s imperative to set policies and practices. Some suggestions, which you’ve probably heard before but should certainly review and take seriously:
- Provide devices to remote workers that should be used exclusively for company business. Make sure these workers don’t install any apps other than what the company directs.
- Protect access to devices with company information, or access to company information. This includes requiring identity verification tools, strong password policies (e.g., changing passwords on a regular basis), and two-factor authentication.
- Require regular software updates.
- Provide cybersecurity training. Explain how to create strong passwords and protections for devices while in public places, such as Starbucks.
- Guard against thefts of devices. Over 2 million laptops are stolen each year, and 74% of these thefts happen in public places or while traveling.
- Check your insurance coverage for cyberattacks. Are you protected if there is a distributed denial of service (DDoS) attack where the company’s website is overwhelmed with bot traffic and can’t function? And what if this attack was made possible through a device of an employee working remotely? Again, are you covered and is that coverage sufficient?
Final thought
Hiscox, a leading insurer for small businesses, has a 4-question “What’s Your Cyber Security IQ?” test. How’s your security IQ?