Summary: The number of employees working remotely has increased over the last several years, especially during the recent COVID-19 pandemic. Learn about the potential cyber risks of allowing employees to work remotely and what can be done to help mitigate them.
As the United States continues to implement strategies to help reduce the spread of the coronavirus, many companies have created work from home policies
designed to keep their employees safe and healthy. As social distancing continues to be recommended, people are encouraged to increase the physical space between each other, which is not always possible in many types of workplace settings. Allowing employees to work remotely helps them stay productive in the safety of their homes, maintaining a “business as usual” mentality even during challenging situations – and it can also help keep them safe, healthy and from spreading the coronavirus.
All indications are that remote work policies or work from home benefits will continue to become more commonplace among businesses, not only as part of a business continuity plan
during a pandemic like COVID-19
, but in the future, too. However, it also means an ongoing threat to cybersecurity for businesses offering this benefit to their workforce.
AmTrust takes these risks seriously, and we also wanted to ensure a seamless transition as employees became required to work remotely. Ariel Gorelik, EVP/Chief Information Officer and Chief Operations Officer at AmTrust, reports "Thanks to my brave Infrastructure and PMO team and support from HR who made it easy for the entire company to transition in a matter of 2 days from our 90 offices around the globe to work from home. Stable network, stable DC circuits, enough VPN capacity and all systems and applications running as they are supposed to."
Growth of Remote Workers
While the coronavirus epidemic has caused many workers to shift to remote work, the number of employees working remotely was growing exponentially well before that – a 159% increase between 2005 and 2017 – according to a report
based on information from the U.S. Census and Bureau of Labor Statistics, Global Workplace Analytics and FlexJobs. Additional highlights from this report include:
The increase in remote workers can be attributed to several factors. Forbes
states that the variety of benefits remote workers enjoy can improve a business’s bottom line. Employees are more efficient as they encounter far fewer workplace distractions than in an office setting. They tend to experience less stress, as they don’t need to commute in heavy rush hour traffic, and those reduced stress levels lead to higher morale and more job satisfaction. Companies also incur less overhead and operating costs to keep the business running smoothly.
Reducing Cybersecurity Risks for Remote Workers
Let’s take a closer look at remote workers, the cyber risks they present and tips on how to minimize them.
Small Business Trends
Risk #1: Lack of Cybersecurity Training and Established Best Practices
reported that 48% of cyber attacks were due to a negligent employee or contractor. Ensuring that there is a training program in place for best practices on security is paramount in defending against cybersecurity threats. It is vitally important that everyone in the company, especially those who work outside of the office, are up-to-date on all security policies. Cybersecurity training for employees
should be an ongoing process. Businesses should consider doing more to ensure all employees are consistently updated about any potential security vulnerabilities, as well as how to recognize and avoid them. A report from Small Business Trends
states that “while many small businesses are concerned about cyberattacks (58%), more than half (51%) are not allocating any budget at all to risk mitigation.” The investment of a robust cybersecurity training program is a small price to pay when compared to what a data breach could cost the organization.
Risk #2: Using Unsecured Wi-Fi Networks
Employees often access company networks using Wi-Fi from popular locations (such as a coffee shop), making them more susceptible to the risk of an online attack. iPass
, a technology company that provides global mobile connectivity to enterprises, mobile operators and brands, conducted a mobile security report in 2018 that yielded the following results:
- 81% of CIOs said their company had experienced a Wi-Fi related security incident in the last year
- 57% of CIOs suspect their mobile workers have been hacked or caused a mobile security issue in the last year.
- 62% of Wi-Fi related security incidents occurred in cafés and coffee shops
No authentication is required on most public Wi-Fi networks
. This means the connections are not encrypted and could make it easy for malicious actors to steal data or access credentials. Cyber thieves position themselves between a person with an unsecured device and the connection point or spoof the connection point which means information is intercepted by the malicious actor.
How to Use Public Wi-Fi Safely
- Always use a virtual private network (VPN). A VPN serves as a buffer between the Wi-Fi connection and the mobile device. Any transmitted data is then encrypted to protect it from tampering and interception. Use a trusted and reputable VPN provider. While some providers charge a fee of around $10 for monthly service, some are free. Small businesses that use a Wi-Fi-related VPN will not only mitigate security risks, but also lower their risk profile, which may qualify them for a cyber liability premium discount.
- Use SSL or TLS connections. Although most people are not as prone to use a VPN, they can easily add encryption to communications by enabling the "always use HTTPS" feature on a mobile device. This ensures a secure connection to sites and is vital for any site where financial credentials are entered. If you see a warning about insufficient levels of encryption it may be time for a new device or an upgrade of your software.
- Utilize Two-Factor Authentication (2FA). 2FA means the user provides two different authentication factors to verify themselves for system access. This makes it harder for cyber attackers to gain access to devices or accounts since only knowing their potential victim's password is not enough to get past the 2FA security control.
Risk #3: Personal Use of Laptops or Lack of Physical Security
Using work devices to visit social media pages, answer personal emails or shop online is an example of risky behavior that a remote worker might engage in. Allowing non-employees like friends or family members to borrow devices for personal use is another example. This presents a risk of not being able to monitor the websites or files they access, potentially putting your company data at stake.
Physical security of company-issued devices is also a problem. This could be something as simple as leaving a device out in the open at home or in an unlocked car. Security breaches can happen simply because a device is stolen. Code42 reports
that in airports alone, a laptop is taken every 53 seconds. Here are some physical security tips to keep in mind:
- Physical security should be a key aspect of your business’s cybersecurity policy and best practices, and its importance should be emphasized for remote employees
- Monitor usage of company-issued devices to keep an eye out for a non-work related activity or the potential use by someone else other than the employee
- Remind all employees (especially remote workers) to keep devices on themselves and to securely store them when not in use
- Remind employees to hide their work when they are out in a public place so no one can see their screen, and to not leave devices unattended
- Keep the “find my device” setting on in the event it is misplaced
Choose AmTrust for Cyber Liability Coverage and More
AmTrust’s Cyber Liability Insurance
for small businesses provides a variety of services to address the modern-day risks and threats of business identity theft and data breaches and offers you peace of should something happen unexpectedly. Find out more with these five things to know about cyber liability insurance
, and read up on why business insurance is necessary for remote workers
To get started with a cyber liability policy, contact us
or your AmTrust-appointed agent today. This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.