top of page

Remote work: navigating the benefits and pitfalls

The shift to remote work has redefined the modern workplace, offering flexibility and increased productivity. However, this transformation has also introduced significant cyber security challenges.



Work from home (WFH) or remote working practices - basically working any place outside the office - became almost the norm in 2020 as the world became gripped by the Covid 19 pandemic, forcing businesses to consider alternative staff policies and different working approaches in what was a strange time for everyone.


Since then, many workplaces have simply maintained this remote working model, or formed a hybrid version of it. Whilst there are benefits of remote working, it's not without its risks.


Benefits of Remote Work from a Cyber Security Perspective


While remote work presents challenges, it also offers opportunities to enhance cyber security:


  • Decentralisation of Data: Distributing data across various locations can reduce the risk of a single point of failure.

  • Adoption of Cloud Services: The necessity for remote access has accelerated the adoption of cloud-based solutions, which often come with robust security measures.

  • Increased Awareness: The rise in cyber threats has heightened awareness, prompting organisations to invest more in cyber security training and infrastructure.

 

Pitfalls of Remote Work: Cyber security Risks


Despite the benefits, remote work also introduces several cyber security vulnerabilities:


1. Phishing and Social Engineering Attacks


Remote workers are significantly more susceptible to phishing attacks. Statistics indicate that remote employees are 3 times more likely to fall for phishing scams compared to their in-office counterparts. The isolation inherent in remote work can lead to decreased vigilance, making employees prime targets for social engineering tactics.


2. Use of Unsecured Wi-Fi Networks


Approximately 60% of remote workers utilise unsecured home Wi-Fi networks, exposing sensitive company data to potential breaches. Public Wi-Fi networks, often used in cafes or co-working spaces, further exacerbate this risk.


3. Inadequate Device Security


The use of personal devices for work purposes is prevalent among remote workers. These devices may lack essential security updates and protections, making them vulnerable to cyber threats. Notably, 55% of remote workers do not receive regular software updates on their work devices.


4. Insufficient Cyber Security Training


A significant number of organisations have not provided adequate cyber security training tailored for remote work scenarios. This lack of training leaves employees ill-equipped to recognise and respond to cyber threats effectively.



Guidance from the National Cyber Security Centre (NCSC)


The UK's National Cyber Security Centre (NCSC) offers comprehensive advice to mitigate the cyber security risks associated with remote work:

 

  • Implement Multi-Factor Authentication (MFA): Adding an extra layer of security beyond passwords can significantly reduce unauthorised access.

  • Regular Software Updates: Ensure all devices and applications are up-to-date to protect against known vulnerabilities.

  • Use of Virtual Private Networks (VPNs): VPNs encrypt internet connections, safeguarding data transmitted over unsecured networks.

  • Employee Training: Regular training sessions can equip employees with the knowledge to identify and respond to cyber threats effectively. The EMCRC offers Security Awareness Training as a Cyber PATH service. Enquire here.


Conclusion


WFH and any form of remote work is likely to remain a staple in the modern work environment. While it offers numerous advantages, it also necessitates a proactive approach to cyber security.


By understanding the associated risks and implementing the NCSC's recommended practices, organisations can create a secure remote working environment that protects both employees and company data.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


 
 
 

Comments

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page