Working from home: The additional threats remote staff pose
Remote working brings many benefits, both for businesses and staff, but it does bring additional security risks that organisations should address
Home workers are more productive, need fewer sick days and, thanks to saving money on their daily commute, are wealthier too. But, working outside of the traditional locked-down IT environment, do they also pose more of a security risk than office-based staff?
Workers that use their personal devices for business may have their corporate apps rub shoulders with illegal or deceptive software on the same computer or smartphone. This means corporate data could be at risk from apps that appear legitimate but are anything but.
Similarly, home hardware may be used by others in the household – it doesn’t matter how security-conscious an employee is if they share a laptop with a teenager that's an enthusiastic member of file-sharing sites.
Companies may choose to provide remote workers with dedicated hardware, software and VPNs to keep the IT environment locked down, but there are other ways that those working outside of the office can open up their employers to security threats.
Something that homeworkers may need to contend with that workers that come in to an office and sit at the same desk every day don’t is a lower level of IT support.
Devices used by office-based staff will connect directly into an organisation’s network, meaning the IT department can easily take care of patching, antivirus and defending against external threats. As a result, staff in offices don’t really have to think about security from a technology perspective.
For those working remotely, the same level of support may not always be available. And the security of an employee's home office setup may vary according to their IT knowledge and their concern or awareness about maintaining good security hygiene.
Remote workers using smart home technology – also known as Internet of Things (IoT) devices – may also put security at risk by opening up extra connections to an organisation's network. From baby monitors to security cameras, smart lights to routers, remote workers may not even be aware of how many connected objects they have in their home.
A lack of security around each of those objects potentially provides a way into corporate systems: once the device is compromised, cybercriminals can leapfrog into other parts of the network.
Staff who prefer to work remotely but outside the home – in a local café or co-working space, for example – may expose their laptops, tablets and other devices – and the data they hold – to additional threats. Connecting to unsecured public Wi-Fi, rather than a secure office network, puts remote workers' machines at risk of man-in-the-middle or ‘evil twin’ attacks, where a third party can intercept data the employee was sending over the network. Of course, this is also a consideration for office-based staff when travelling for work.
Physical security too, can be an issue. For staff based solely in the office, computers are likely to remain on desks, in an environment that's only shared with other employees of the same company.
For those working remotely, hardware may be more in danger of loss or theft. IT managers can mitigate the threat to a degree with remote lock-and-wipe software and biometric logins for users.
Remote workers may also need education about other aspects of security around the storage of physical data, such as the proper way to destroy any printed material or use of portable storage to make sure the threat of any data breach is minimised.
For attackers looking to target a particular organisation, home workers may be perceived as an easy way into a corporate network and targeted accordingly. After all, a home worker is more likely to deal with colleagues purely by email or messaging services, and can't walk over to a colleague's desk to check if a communication is legitimate – potentially making them more vulnerable to attacks such as spear phishing or whaling.
Any discussion of working from home will necessarily come with an examination of the security threats such employees bring – for many companies, those risks are less familiar, and may seem harder to tackle as a result.
However, the benefits that embracing remote working can bring – a wider talent pool, a more content workforce – are clear. Often the dangers associated with working from home are extensions of those linked with office-based workers. With extra education and robust security policies, most companies should find they are more than up to the task of securing remote staff just as well as their office-based workers.