The Cybersecurity Challenges Of Working From Anywhere
By Sarah Harris
Sarah Harris takes care of the customer support requests at Workast. She is also an avid writer.
The laptop digital nomad lifestyle has picked up steam over the last decade at an exponential rate. Experts and professionals in fields ranging from accounting and writing to graphic design, software design and legal services are providing their skills and talents online to clients, working remotely from any part of the world. Individuals have also been running e-commerce ventures remotely with the help of a single computer, but certain cybersecurity challenges come with such convenience and efficiency.
Research has shown that many cyber-attacks happen due to employee negligence or a lack of awareness about security measures relating to home devices. Since work and business information and accounts are being used remotely on home devices, especially since the onset of Covid-19, there has been an increase in malware such as Trojan horses. Furthermore, individuals using public Wi-Fi connections, in coffee shops for example, can pose a significant threat.
Data protection – remote workers need to take all possible precautions to protect their data, especially if they are aligned with a certain organization and have authorization for codes or databases that are not public knowledge. Saving data in the cloud is one option, and maintaining one or multiple external hard drives is another. If a remote worker feels their home could be physically broken into while sensitive data is saved on USBs and hard drives, they should get those drives encrypted and invest in a safe or a security system with cameras. Whenever sharing data, the freelancer should never use a public network and should always have their own portable internet device. Data governance is key to protecting personal and organizational data, and training in cyber hygiene practices is also available.
Updates – whenever you use a phone or laptop, having all the right updates from the verified manufacturer is very important, as they often include vital security patches. Without an update, your device might be more vulnerable to malware and cyberattacks. Many people make use of endpoint management software to ensure all their devices have the necessary upgrades. If your laptop or phone is very old, at some point it also becomes slower and can be more susceptible to hacks, so upgrade your device to a newer model every few years.
A good antivirus – while this may sound obvious, a good antivirus subscription can go a long way in protecting your data and accounts. Antivirus software can pick up and quarantine malware and prevent phishing-related hacks to a significant degree. It also provides warnings when you share data, open files you have downloaded, or use someone else’s USB stick. While the free version will still cover many of these bases, a paid premium version is always worth it, as the amount is nominal per year.
MFA, or multi-factor authentication – multi-factor or two-factor authentication should be the norm across all of your accounts, both personal and professional. It generally means that log-in attempts need more than just the username and password: a Google prompt, or a code sent by phone or email, has to be entered to gain access. Research states that more than 90% of hacking attempts can be foiled in this way, since gaining access to all the information within the designated time is extremely difficult: log-in codes expire within 5 minutes and new ones need to be generated.
Limit entry – organizational databases, and even personal Google accounts or emails, should have a strict bar on entry by multiple people, even if they are hired by the original freelancer as experts or team members. Restricting entry and keeping tabs on communal worksheets and documents may take time and effort, but it is invaluable in preventing hacks and data loss. If a remote worker has access to a privileged account, they should be monitored closely by someone within the organization to make sure all log-in attempts, as well as data transfers, are accounted for.
5G is now known to be a safer network for remote workers, although it does have its own risks. One risk is that 5G allows the seamless connection of multiple computers and devices, which can increase the risk of malware affecting all of them simultaneously, although the improved authentication measures make this unlikely. Remote workers should still use all the aforementioned cyber hygiene practices and cultivate an awareness of advanced phishing attacks, which are becoming more believable day by day.
Whether a remote worker is part of an organization’s workforce or self-employed, having a VPN is an excellent form of protection (always to be used in conjunction with other measures). A properly configured private network has many advantages, but sensible practices such as multi-factor authentication, updates, and not clicking on suspicious links still need to be followed. If you are using a VPN in conjunction with a 5G network, there is in-built encryption that may allow multiple VPNs to work together, making it even harder for an external malicious party to gain access.
Hiring an external expert firm, such as security analysts who look over your data protection and online practices and ascertain possible risks, is a good preemptive measure so that you can patch up any loopholes that hackers could make use of. SOC 2 (Service Organization Control) audit firms gauge your security measures and how you are handling sensitive information that is stored on your accounts or in the cloud.
The controls employed by the organization are studied in detail and compared with current trends and advancements in security measures to ascertain whether they are appropriate. SOC 2 compliance consists of 5 important categories that must be satisfied, namely privacy, confidentiality, processing integrity, availability, and security. An audit like this can take from weeks to a couple of months depending on the scale of the database the organization is dealing with, and the auditors ideally make recommendations in their report.