Remote Workers and Cybersecurity Risk

Topics: Cyber Liability

The number of employees working remotely has grown exponentially – a 159% increase between 2005 and 2017 – according to a recent report based on information from the U.S. Census and Bureau of Labor Statistics, Global Workplace Analytics and FlexJobs. Additional highlights from this report include:

remote workers and cybersecurityremote workers in the USgrowth of remote workers

The increase in remote workers can be attributed to several factors. Forbes states that the variety of benefits remote workers enjoy can improve a business’s bottom line. Employees are more efficient as they encounter far fewer workplace distractions than in an office setting. They tend to experience less stress, as they don’t need to commute in heavy rush hour traffic, and those reduced stress levels lead to higher morale and more job satisfaction. Companies also incur less overhead and operating costs to keep the business running smoothly.

All indications are that remote work policies or work-from-home benefits will continue to become more commonplace among businesses. It also means an ongoing threat to cybersecurity for businesses offering this benefit to their workforce. Let’s take a closer look at remote workers, the cyber risks they present and tips on how to minimize them.

Risk #1: Lack of Cybersecurity Training and Established Best Practices

Small Business Trends reported that 48% of cyber attacks were due to a negligent employee or contractor. Ensuring that there is a training program in place for best practices on security is paramount in defending against cybersecurity threats. It is vitally important that everyone in the company, especially those who work outside of the office, are up-to-date on all security policies.

Cybersecurity training for employees should be an ongoing process. Businesses should consider doing more to ensure all employees are consistently updated about any potential security vulnerabilities, as well as how to recognize them and avoid them. A report from Small Business Trends states that “while many small businesses are concerned about cyberattacks (58%), more than half (51%) are not allocating any budget at all to risk mitigation.” The investment of a robust cybersecurity training program is a small price to pay when compared to what a data breach could cost the organization.

Risk #2: Using Unsecured Wi-Fi Networks

Employees often access company networks using Wi-Fi from popular locations (such as a coffee shop), making them more susceptible to the risk of an online attack. iPass, a technology company that provides global mobile connectivity to enterprises, mobile operators and brands, conducted a mobile security report in 2018 that yielded the following results:
  • 81% of CIOs said their company had experienced a Wi-Fi related security incident in the last year
  • 57% of CIOs suspect their mobile workers have been hacked or caused a mobile security issue in the last year.
  • 62% of Wi-Fi related security incidents occurred in cafés and coffee shops

No authentication is required on most public Wi-Fi networks. This means the connections are not encrypted and could make it easy for malicious actors to steal data or access credentials. Cyber thieves position themselves between a person with an unsecured device and the connection point or spoof the connection point which means information is intercepted by the malicious actor.

How to Use Public Wi-Fi Safely

Always use a virtual private network (VPN). A VPN serves as a buffer between the Wi-Fi connection and the mobile device. Any transmitted data is then encrypted to protect it from tampering and interception. Use a trusted and reputable VPN provider. While some providers charge a fee of around $10 for monthly service, some are free. Small businesses that use a Wi-Fi-related VPN will not only mitigate security risks, but also lower their risk profile, which may qualify them for a cyber liability premium discount.

Use SSL or TLS connections. Although most people are not as prone to use a VPN, they can easily add encryption to communications by enabling the "always use HTTPS" feature on a mobile device. This ensures a secure connection to sites and is vital for any site where financial credentials are entered. If you see a warning about insufficient levels of encryption it may be time for a new device or an upgrade of your software.

Utilize Two-Factor Authentication (2FA). 2FA means the user provides two different authentication factors to verify themselves for system access. This makes it harder for cyber attackers to gain access to devices or accounts since only knowing their potential victim's password is not enough to get past the 2FA security control. Read more about Wi-Fi security in our blog post, “How to Avoid Public Wi-Fi Security Risks.”

Risk #3: Personal Use of Laptops or Lack of Physical Security

Using work devices to visit social media pages, answer personal emails or shop online is an example of risky behavior that a remote worker might engage in. Allowing non-employees like friends or family members to borrow devices for personal use is another example. This presents a risk of not being able to monitor the websites or files they access, potentially putting your company data at stake.

Physical security of company-issued devices is also a problem. This could be something as simple as leaving a device out in the open at home or in an unlocked car. Security breaches can happen simply because a device is stolen. Code42 reports that in airports alone, a laptop is taken every 53 seconds. Here are some physical security tips to keep in mind:
  • Physical security should be a key aspect of your business’s cybersecurity policy and best practices, and its importance should be emphasized for remote employees
  • Monitor usage of company-issued devices to keep an eye out for a non-work related activity or the potential use by someone else other than the employee
  • Remind all employees (especially remote workers) to keep devices on themselves and to securely store them when not in use
  • Remind employees to hide their work when they are out in a public place so no one can see their screen, and to not leave devices unattended
  • Keep the “find my device” setting on in the event it is misplaced

Choose AmTrust for Cyber Liability Coverage and More

AmTrust’s Cyber Liability Insurance for small businesses provides a variety of services to address the modern-day risks and threats of business identity theft and data breaches and offers you peace of should something happen unexpectedly. Find out more with these five things to know about cyber liability insurance, and read up on why business insurance is necessary for remote workers.

To get started with a cyber liability policy, contact us or your AmTrust-appointed agent today.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones