We live in a brave new world, where almost half of all employees in Canada work away from the office at least half the time. Where appropriate, flexible work arrangements are helping businesses manage office costs, and helping workers to recalibrate their work-life balance for the better.
But all this freedom comes with a cost when it comes to cyber security. Remote employees can increase your risk of a hack or data breach in the following ways:
Go to your local café, and you’ll notice that lots of remote workers prefer to let someone else make their latte while they connect to work through the café’s WiFi network. Many of these networks are unsecured, and can literally be accessed by anyone within range, making your remote workers vulnerable to what is called a Man-In-The-Middle (MITM) attack, where a hacker can intercept information like work passwords. If the WiFi network is unencrypted, your workplace systems are now easy pickins’ for online bad guys.
It’s best practice for businesses to only allow their own devices to connect to their network online. Businesses that place an emphasis on cyber security will often provide laptops and smartphones to workers who work remotely. However, smaller businesses may be tempted to save the cost of the hardware, and allow their remote workers to connect with their own personal devices. This increases the business’ risk exponentially, as individuals may not be required to install and maintain security software and the latest patches to prevent their devices from being corrupted by viruses and other malware. If these devices connect to your network, it can become infected.
Although workers can and do use the computers at the office for personal browsing, this behaviour is known to be much more common for remote workers, who generally tend to blur the lines between work and home. The more personal browsing, the greater the risk that your employee will end up on a website infected with malicious code. Once the device is infected, that puts your entire network at risk.
Personal use of a business device is that much worse when a worker, who may keep their work laptop at home on a semi-permanent basis, allows their spouse, kids or someone else to use the machine. Your employee may have been trained on how to avoid getting hacked by avoiding suspicious websites and not clicking on links or attachments if they get an email from an unknown source. You can bet their kids have no such training.
The best way to protect your business systems from the hazards of remote workers is to have them connect to work via a virtual private network or VPN. Even if they’re connecting via unsecured WiFi, the VPN software that’s installed on their device will encrypt all data coming in and out. That will protect against MITM attacks, but the big threat remains personal browsing and clicking on questionable emails. Requiring all remote staff to install security software is a great idea, as is training on how to identify and avoid suspicious websites and emails.
No matter what precautions you take, every day, hackers are discovering new vulnerabilities in your network, and all you can do is try to stay one step ahead. In case one of those vulnerabilities leads to a breach and/or loss of your data, or that of your clients, every business should seriously consider adding cyber insurance to their existing insurance portfolio. It’s more affordable than you think, and could save your business money and embarrassment if you get hacked. Call Mitchell & Whale today for a no-obligation quote.
Want to add to this story? Let us know in comments below! Mitchell & Whale is a fast-growing insurance brokerage in Ontario, striving to make insurance _not suck_ one customer at a time. Give us a call today to discuss any of your insurance needs at 1.800.731.2228.