Are remote workers at greater risk of cybersecurity threats?
Workplace cybersecurity habits of remote/hybrid employees
Workplace expectations have changed dramatically over the last few years, but none more so than when it comes to remote and hybrid work. In a report by LinkedIn, it is estimated that 45% of advertised roles in the UK job marketplace in August 2023 were hybrid, demonstrating how established this practice now is.
The debate about whether hybrid and remote workplace models are better for productivity continues to rage. However, a factor that needs special attention in a hybrid company is workplace cybersecurity.
Gone are the days when IT departments and cybersecurity teams had tight controls, where everyone was in one place and only using secure networks. Today, workers often have the ability to work outside the office, away from these controls. Do remote and hybrid workers follow effective cyber security safety practices without that oversight?
Analyst for Capterra, GetApp and Software Advice, focusing on technology and small business research trends in the UK market.
The password puzzle
Secure systems require secure passwords —often multiple. Striking the balance between easy accessibility and a passphrase that is hard for cybercriminals to crack can be tough. If a password is harder to guess it’s often easier to forget.
Despite this fact, research from GetApp has found that most SME remote/hybrid employees manage their passwords at work by memorizing them, followed by password management add-ons or software. In addition to this, over a quarter of the sample write their passwords down, whilst just under a quarter use spreadsheets to document them.
It’s interesting to see that most remote employees surveyed rely on older-fashioned solutions such as pen and paper and memory. Whilst memory is perhaps the safest option possible for protecting a password from bad actors, it isn’t always conducive to unique passwords or keys that are hard to guess.
However, unique passwords do seem a common practice for remote/hybrid workers. Nevertheless there are still many workers just using one main password for all websites. Worse still, it was observed that many employees who don’t use unique passwords for every different site say they use the same password across work and personal accounts, at least some of the time.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The number of people reusing the same passwords, or worse, sharing their passwords across accounts, is likely to send a collective chill down the spines of managers focusing on cybersecurity. This innocuous-seeming habit could present a real risk down the line if a hacker is able to gain access to personal accounts or passwords, as their workplace logins could also be compromised by extension.
How remote employees can play their part in cyber protection
A remote/hybrid workforce can open up fears of security vulnerabilities but it also helps companies focus on an important factor: employee-led security practices. These are important ways to protect a company against threats and the added challenge of managing a distributed team offers a chance to refocus those priorities.
Findings suggest that many workers live up to the challenge of maintaining healthy cybersecurity practices. It seems data security is of serious importance to remote/hybrid SME employees in the UK, who safeguard their devices with a variety of measures. These include practices such as regularly installing software updates, using two-factor authentication on their accounts, and making sure to always lock work devices when left unattended.
Whilst these results show good cybersecurity habits are common amongst remote employees, they are not yet at a majority level. Less than half of those surveyed practice these crucial security considerations such as installing software updates or using two-factor authentication. These are simple practices that are being left undone, which suggests more could be done to shore up security on the part of both employers and employees.
Fighting the threat of phishing
Phishing presents a big risk to workplace cybersecurity. Having steps in place and preparing employees to face these threats should be a priority for remote and hybrid businesses.
This is especially important now as data security threats appear to be on the rise. Studies show that the vast majority of SME employees have received at least one phishing email in their workplace, with most also having been subjected to more than one attempt.
Phishing emails are commonly spotted by staff and many simply delete or report the attack to company security teams. What’s more encouraging is that it is common for employees to change their password after noticing a phishing attempt. However, a small proportion of employees admit to opening phishing emails and even clicking on the links enclosed, demonstrating how further training is required on how to detect phishing threats.
Overall, there appears to be a good level of preparedness amongst remote/hybrid staff to deal with phishing attempts. However, there is still a question remaining about how these attacks may evolve in the future. Proper training in how modern phishing attacks manifest and keeping on top of how these kinds of attacks are evolving is therefore a crucial step. After all, even if only one person clicks a shady link in an organization, it could be enough to compromise the entire company network.
What remote employees can do to protect themselves and their company
There is clearly evidence that remote/hybrid employees do much to enforce a strong cybersecurity response. However, there is still much more that can be done to secure a business’s defenses.
With effective password practices, clear guidelines, and steps for what to do in a security emergency. It is also wise to help preparedness by spreading awareness about phishing attacks among staff. These are just a few small things that companies can do to make a big difference in the safety of their data and system security.
Overall there is no reason for a remote or hybrid company’s staff to be at greater than normal risk of a cyberattack. However, the findings do underscore the importance of making sure companies are robust in their enforcement of essential security measures.
We've featured the best business VPN.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
David Jani is an analyst for Capterra, GetApp and Software Advice, focusing on technology and small business research trends in the UK market.