Since the global rush to set up work-from-home environments this year, unsecured data has been piling up on personal devices and cyber experts say it’s putting businesses at risk.

A survey of 3000 remote office workers and IT professionals conducted by CyberArk in April 2020 shows that:

• 77% of employees are using unsecured devices to access corporate networks
• 93% reuse passwords across devices and applications
• 66% communicate and collaborate using tools with known security vulnerabilities such as Zoom and Microsoft Teams
• 40% of businesses didn’t alter their security protocols when they changed to remote working

These stats are proof that security wasn’t a top priority in the early days of transitioning to a work-from-home environment, when workers were using make-shift desks and home wifi setups to get on with their work.

On one hand, technology made the transition easier and enabled many office-based businesses to keep going through the uncertainty. On the other hand, home environments lacked the sophisticated office security systems that scan for and block suspicious activity.

What kind of data is at risk?

A business with a website continually creates data, especially if the site collects payments and has a social media presence, which itself continually gathers data about customers, demographics, web traffic and the habits of its users. This data is filled with potential, and it’s what some cyber criminals are after.

Other criminals are more interested in how much data is worth to its owner, and therefore if it’s worthy of a high ransom. This kind of data would include confidential files, confidential emails, customer data, operational and financial data.

Why is this data more compromised as a result of the move to a remote workforce?

Reasons include:

• Remote workers often use unsecure devices that are shared by other family members. This creates huge risk scenarios.
• Remote workers may not be connected to the office domain and thus don’t inherit the company configured and managed security and permission settings.
• Devices may not automatically be configured to constantly be patched with current security updates for operating systems, malware and virus signatures, and application updates.
• Home wifi networks are often insecure and easily “hacked” – most people have granted access to multiple family members, friends and visitors.

How do I secure my data?

Affordable and readily accessible cloud-hosted facilities mean there’s no excuse for companies not to ensure that measures have been implemented to minimise the risk of data being compromised. Some of these measures include:

• Migrate the office on-premise file and application server to a reputable cloud-hosted service provider – all personnel will thus connect to and transact on a secure permission-based server with effective security to ensure access is only to authorised users.
• Subscribe to a reputable cloud-based cyber security solution that is constantly and automatically updated. This will ensure all local data (data on the physical PC being used) is protected.
• Ensure all services, as far as possible, have management report features that allow company managers or owners to monitor and manage remote workforces effectively.
• Make it a policy that remote workers ONLY work on company owned devices (rather than their own insecure, shared devices) and that company devices are NOT allowed to be used by family members!
• Backup your data automatically every day with a dedicated backup provider. This way it’ll be encrypted while transferring to the backup server and instantly recoverable if needed due to accidental deletion of a file, file corruption or loss of a disaster recovery solution. If malware blocks your access to your applications and data, you’ll then be able to recover them in an unaffected environment, and continue operating while you sort out the disruption.

Find out more about things to consider when your employees are working at home.

The April 2020 survey shows that 94% of IT teams are confident in their ability to secure their remote workforce. This is possible with backup, communication and disaster recovery tools.

Because backup and disaster recovery are equally important, reputable providers are starting to offer both solutions in a single application with cloud-hosted management facilities. This is more convenient and useful than having separate solutions.

If you need to secure your remote-working team but aren’t sure how to begin, IronTree will guide you in your automated backup and disaster recovery options.

For additional remote working insight and how your data could be at risk, have a look at this article.