As we settle into the final quarter of 2021, businesses and employees are at a crossroads. Many employees would like to continue working from home. Employers want them back in the office. While some businesses have honored the continuation of remote work arrangements, others are beginning to ask their staff to return to the workplace for at least part of the work week.
People advocating for a return to the office say working in the office enhances collaboration and socialization between employees. Additionally, some employers are worried about cybersecurity threats and believe the office provides a more secure environment. In this article, we’ll examine this question: Is the office safer than remote? Additionally, we’ll discuss different cybersecurity vulnerabilities that exist for the office, hybrid, and remote scenarios.
Why employers think remote work presents cybersecurity risk
According to many reports, there was an unprecedented rise in cybersecurity threats during the pandemic as bad actors stole login credentials and executed phishing attacks using COVID-19 fears as bait. However, a new survey released by email security company Tessian found none of the attacks were linked to remote workers. Despite this fact, 56% of IT leaders believe employees have picked up bad cybersecurity behaviors since working from home; nearly three-quarters of IT leaders believe that the shift back to the office environment will result in safer security practices.
Much of the apprehension seems to center around a lack of visibility into what employees are doing on the business network and concern over home Wi-Fi security, especially when sharing a connection with other members of a household. Additionally, many employers believe that employees will be more likely to follow company security policies if they are in the office.
The human element: employee mistakes can happen anywhere
About 85% of owners believe their businesses are safe from hacking, data breaches, malware, and viruses. Unfortunately, this couldn’t be further from the truth. The fact is that cybercriminals will target businesses in any industry and any size; they are simply looking for the path of least resistance. That’s why it’s so important for all businesses to prioritize strengthening cybersecurity protocols at all levels of the organization before it becomes a big problem.
Many hackers try to work around network security perimeters and instead target unsuspecting employees. These bad actors prey on employee insecurities and trick them into opening a message with attachments that download ransomware or malware, compromising your business data and network. In the Tessian survey, more than a quarter of employees admit to making these mistakes and only half said they always report to IT when they receive or click on a phishing email. It’s important to remember that these mistakes can happen anywhere—whether an employee is a remote, hybrid, or office environment.
Some IT leaders believe that completely remote workers can be segmented in a way that protects central networks and office workers are protected by your network perimeter. On the other hand, hybrid workers can expose networks to increased risk every time they return to the office and reconnect to your network, potentially bringing in malware.
A distributed work environment expands the attack surface for bad actors
There’s no question that new security threats have increased as a result of the distributed work environment. Home connections are typically less secure than office connections, giving cybercriminals an easier path into the company network. Additionally, new online services and tools for collaboration and productivity often default to minimum security settings and are easily overlooked. That’s why “comprehensive and frequent cybersecurity training can no longer be considered a nice to have for businesses.”
It’s important to train employees to spot phishing emails—whether remote or in the office. One recent example of an email phishing attack happened to the California State Controller’s Office, which handles $100 billion a year. An employee mistake inadvertently gave hackers cloud access to internal documents and a “launch point” used to send phishing emails to more than 9,000 employees.
Three realities of cybersecurity
In a recent Forbes article, the author points out that businesses must recognize the three realities of cybersecurity in a distributed work environment to fully address the threat:
1) Growth and virtualization of the workforce expands the attack surface and increases risk.
2) Cyber risk does not have a “defined endpoint”
3) Employees are human; they are the weakest link in security
According to HP Wolf Security’s Blurred Lines and Blindspots Report, changing work styles and behaviors are creating new cybersecurity vulnerabilities for businesses. According to the survey, 70% of office workers use work devices for personal tasks and 69% are using personal devices for work activities. Therefore, cybersecurity risk is omnipresent.
Cybersecurity must be a priority for the entire organization
Despite the perimeter you’ve set up to protect your office network, it’s still a big target for bad actors. In fact, hackers are already refocusing their attention to those returning to the office. Hackers use tactics like phishing to trick employees into letting them in—no matter if employees are in the office, working remotely, or a combination of both.
Fortunately, there are practical ways your business can shore up cybersecurity that are applicable to all types of working environments. Here are tips you can use to protect your business and employees:
-
Set up and communicate clear security policies.
-
Regulate personal device use.
-
Address authorization and authentication procedures.
-
Train employees to spot and avoid phishing attempts and malware.
-
Provide vigilant IT support.
-
Educate employees about the dangers of unsecured public Wi-Fi and personal devices at home including password and IoT device best practices.