Organisations of all sizes are at risk from hackers, organised crime, and malicious threats. Endpoint security - the practice of securing employees’ devices from being compromised by malicious bodies - is therefore essential for protecting your corporate network.
If your employees work remotely on even a part-time basis, you must design your IT security programme with remote devices in mind. That is because a dispersed workforce presents unique IT security challenges; and indeed, the rise in remote working over the past few years has correlated with cybercrime reaching an all-time high.
In 2021, weekly cyberattacks on corporate networks were up 50% compared to 2020. Since the average data breach costs $4.24 million, not investing in a robust endpoint security solution could be the death of your organisation.
Below, we run through some of the key IT challenges - and actionable solutions - that come with remote working.
Remote teams have no option but to share information virtually. Even highly sensitive conversations and documents are shared via networks, rather than by word of mouth or sight.
All digital communication mediums - such as instant messengers, emails, cloud documents and video calling - are susceptible to attack. The average employee receives 14 malicious emails per year; and, in an analysis of 13 popular video-chatting applications, the US’ National Security Agency (NSA) concluded that every single one had a security deficiency.
In offices, IT departments can impose security protocols, such as blacklisted IP addresses and firewalls, on their network to prevent external bodies from compromising them.
An IT department cannot impose the same measures on a home broadband or public WiFi. Many home Wi-Fis are only protected by factory-default passwords, or no password at all. Older encryption methods, like Wired Equivalent Privacy (WEP) or WPS, are easily compromised.
Cyber criminals can also set up fraudulent access points (referred to as “evil twin” access points), that appear legitimate, but allow the attackers to access sensitive data.
Similarly, public spaces - such as coffee shops, libraries or co-working spaces - often have limited security measures in place.
Over half (55%) of employees claim to use their personal laptop or phone for work at least some of the time.
Like home or public networks, IT departments cannot impose security measures on personal devices. When employees work on asynchronous schedules, away from offices, they are more likely to download work-related apps, such as Slack, Zoom and Google Docs, onto their personal devices. This significantly increases the risk of sensitive information leaking into an insecure environment.
Employees may use applications outside of those prescribed by your company for various reasons: they are more familiar with them from previous roles, believe them to be faster etc. But if security controls are improperly configured, cyber criminals may be able to access sensitive data.
Indeed, web application breaches make up 43% of all breaches and have doubled in frequency since 2019 (Verizon).
Phishing scams have soared since the pandemic began. Taking advantage of people’s thirst for knowledge about the virus, hackers have set up fraudulent domains to install malware and steal users’ information.
Since early 2020, 70% of organisations have observed an increase in phishing attacks. In April 2020, at a time when most governments had just introduced home working orders, Google’s mail servers detected 18 million coronavirus-related malware and phishing emails per day.
Solution: Employee training. Advise employees to:
Another way to reduce the risk of phishing attacks is to stop using email as a medium to exchange sensitive information, for example employee data with external payroll providers, by automating people operations.
At Hofy, we have designed our IT support package for remote teams hiring globally. Through Hofy, you can: