Remote working is every day working for some people, as many people are still choosing to stay away from the office. But WFH, or working anywhere other than the office, carries risks. Let’s take a look…
You’ll be aware of the acronym WFH by now. As Covid 19 struck, and we were encouraged to ‘only go into the office if we absolutely must’, people set up their offices in their front rooms, spare rooms, kitchens, lofts, sheds and summerhouses. Anywhere that was practical and comfortable, we made it our office.
But remote working isn’t confined to just the home environment. Any work that’s done outside of a physical office is referred to as telecommuting - the ability for an employee to complete work assignments from outside the traditional workplace by using telecommunications tools such as email, phone, chat and video apps.
People wanting to disconnect their home life with their working day sought other working areas. Coffee shops were taken over, cafes were deluged, libraries saw in increase in visitors and some people even went down the pub to get their work done.
Prior to the pandemic, flexible or remote working for the majority was something that occurred when a usual work base was unavailable. But now, there are many professions where remote working is everyday working, for example, marketing and communications freelancers, project consultants and even those in administrative functions for construction and home improvement businesses.
With Covid restrictions having lifted, people are free to return to the office. But many are choosing an office/remote split, and the trend of hybrid working has emerged.
But all this remote working unfortunately comes with increased cyber security risks, and this is often due to insufficient knowledge of basic cyber safety and poor cyber hygiene habits. If you work for an organisation, you are typically given cyber security training when you first join and then ideally on an annual basis.
However, for those who are self-employed and working as freelancers or consultants, this is not the case, and they are responsible for their own training and knowledge.
What are the main cyber security risks with remote working?
Having unsupported devices with weak security
The loss or theft of sensitive information (bank details, client details, login information)
Using public wi-fi - this is not always secure (Read our ‘Staying safe on public wi-fi’ blog for more on this)
Being caught out by using duplicate or malicious 4G hotspots
Having unsecured devices with out-of-date software/applications
Workers sharing confidential information and having private conversations in public places
So, how can individuals protect themselves when working remotely?
Whilst remote working does present a number of cyber security risks, there are steps that businesses of any size can take to help mitigate these risks.
One key method of ensuring you are working securely is to implement a cyber security policy. By having a policy, you set the standards of behaviour for digital activities such as the encryption of sensitive data and the access permissions for systems.
According to the recently published Cyber Security Breaches Survey 2022 from the Department for Media, Culture and Sport, there has been a 9% decrease in the number of businesses who have cyber security policies that cover remote or mobile working, whilst the number of charities covering it increased by 10%.
The report also revealed only 32% of businesses and 26% of charities are using a virtual private network (VPN) for employees that are connected remotely.
Even though there are many ways a cybercriminal could take advantage of your remote working environment, there are also many ways you can protect your workspace and mitigate your cyber risk.
Make sure you have anti-virus software and an up-to-date firewall
Remember to back up your files and devices
Ensure your company has given you security awareness training
Obtain and achieve cyber essentials
Who is at risk?
Basically, anyone who works remotely.
However, there does appear to be a new trend. With the continued rise in the number of freelancers, cybercriminals are beginning to shift their focus away from other targets and onto micro-businesses - including self-employed workers and/or freelancers.
Freelancers tend to communicate a lot with people they don’t know personally, for example, prospective new clients, and they will regularly open new files in emails and share personal information in their inboxes such as invoices and PayPal details.
As many freelancers also work on laptops on less secure networks - whether that’s at home or at a coffee shop, café, pub etc - it makes them a perfect target for cybercriminals.
But, to reiterate, anyone who works remotely is at risk. But if preventative measures are put in place, better practices are observed, and cyber security guidance is adhered to, your remote working risks and threats will be significantly decreased.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to firstname.lastname@example.org. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).