Over the last two years, remote working has become very popular for companies and employees. And it’s here to stay! Whether you allow your team to work remotely, in the office, or something in-between, you should be aware of some hidden security risks that can interrupt normal business operations.
This article will discuss endpoint threats and habits that your remote employees may be making, which present danger to businesses of all sizes.
What is Endpoint Security?
Let’s define what endpoint security means for a company.
According to Statista, endpoint security refers to protecting every entry point of end-user devices such as desktops, laptops, or mobile devices from being exploited by malicious actors. In short, endpoint security should help organisations detect, investigate and manage devices to protect them from any cybersecurity threat.
What does Endpoint Security mean for the modern IT hybrid workplace?
SDI research and many other studies have shown that employee expectations have significantly changed. Flexible working and work-life balance have become a top priority for many employees.
So, many companies are open to meeting these new employee expectations and even transitioning to a more permanent remote or hybrid workplace.
However, flexible working does come with its challenges.
Remote working can both improve and jeopardise your security
Some of you could argue that remote working can be seen as either a security risk or a security advantage. And both views might be right!
The truth is, it all comes down to how you choose to manage things and protect your business, customers, and employee data. If you think about it, flexible working can actually offer you some new benefits and improve your security.
By simply having your team spread across multiple locations, you are increasing your flow of information. What’s more, opening multiple time zone working hours allows you to have 24-hour monitoring in place. That means you can reduce the dependency on central locations and your infrastructure risk.
Also, by shifting your systems to the cloud, you can implement more robust security measures and reduce the need and the cost of physical office space.
On the other hand, it is more challenging to take care of remote employee security than to manage your on-site endpoints. Without a doubt, a modern hybrid workplace brings some security risks.
Some additional security measures are needed from changing security policies and preventing the spreading of sensitive company information to personal and uncontrolled employee devices, to educating employees about the risks of remote working!
What’s your view on this?
Learn more about ‘Things to think about now your team is working from home’
Endpoint security stats you should know in 2022
Before we dive into endpoint threats, let’s check some facts. We’ve collected some of the latest endpoint security statistics you should know in 2022.
#1 Ransomware attacks are on the rise
A study by Check Point shows that throughout 2021 ransomware was one of the most common and most dangerous types of malware. The weekly average ransomware attacks targeting corporate networks increased by 50% compared to 2020. What’s more, Europe and North America are among the most vulnerable regions.
#2 The private sector is most vulnerable to cyber attacks
Another study found the public sector is less affected by ransomware than the private sector. 60% of organisations in the media, leisure and entertainment industry have experienced a ransomware attack in 2020. This is followed by IT, technology and telecoms (56%), energy and utilities (55%), and professional business services (50%).
#3 Cost of a data breach
Based on IBM Security analysis, remote working and digital transformation due to the COVID-19 pandemic increased the average total cost of a data breach by nearly 10%. Costs were significantly lower for some organisations that have fully deployed security AI and automation and work in a hybrid cloud environment.
#4 Targeted endpoints
One of the most common ways by which attackers target endpoints is by installing malware. Some of the preferred malware delivery methods are usually email and the web. Research from Webroot indicates that 83% of malware threats are stored in one of four locations:
#5 Zero-day attacks
According to a study by the Ponemon Institute, on average, 80% of successful breaches are new or unknown zero-day attacks. This means that recent attacks either include new or evolved malware variants that infiltrate a system unrecognised.
#6 Employees use personal devices for work
One in three US employees (33%) use a personal computer and smartphone to work remotely. This study further indicates that less than 25% of employees work with secure files and folders. All of this adds complexity to securing IT adequately as that’s a whole new range of devices that organisations have to monitor and manage.
What are the security risks of the modern workplace?
Let’s look at the most common endpoint threats that could affect remote and hybrid working models and how to prevent them.
#1 Unsecured network connection & web browsing
Security risk: Working from home, coffee shops, hotels, or airports may be convenient and efficient for remote employees. However, it’s important to remember that public networks aren’t secure! There’s always a risk of malware, logging into unencrypted sites or incidentally sharing sensitive information.
Security tips: While there isn’t much you can do to make a public network more secure; you can still do some things to keep your data safe.
- Consider using VPNs to offer encryption.
- Encourage employees not to stay permanently logged in to business accounts.
- Encourage employees to pay more attention to warnings while using web browsers.
#2 Using unsecured personal devices
Security risk: Working in a remote workplace outside the company’s secure perimeter may lead to poor employee working habits that increase security risks. In fact, using unsanctioned tools or personal devices brings a number of risks – from data losses, unauthorised data sharing, and cyberattacks to stolen devices.
Security tips: Implementing firm usage policies can help ease the risk of malware infiltrating your systems. Also, when not in use, all personal and business devices should be secure.
#3 Using Weak Passwords
Security risk: Whether we like to admit it or not, many people have very simplified passwords that are easy to remember and use. And when they translate that bad and quite dangerous habit into the business world, they risk losing both personal and business information.
Security tips: To protect employees or end-users from phishing attacks and stolen login credentials consider some of the following tips:
- Add an additional layer of security with multi-factor authentication (MFA).
- Support using strong passwords – at least 12 characters, with a mix of letters (upper and lower case), numbers, and symbols.
- Encourage employees to change passwords frequently. Many organisations have a password policy in place, but you can still change a password more frequently than the policy guidelines!
- Consider using password managers.
#4 Neglecting security risk from collaboration tools
Security risk: In a remote working environment, the reliance on collaboration tools, such as Teams, Zoom, Slack etc., is quite heavy. This means a large volume of chats, shared documents, and sensitive data is usually retained in a central location, making it a perfect target for cyber-attacks.
Security tips: Consider boosting up collaboration security. Developing awareness about collaboration tools’ security risks, implementing encryption for all storage and transfers, preventing unauthorised data and meeting link sharing can help you maintain security to some extent.
#5 Out of date software and antivirus
Security risk: When a new threat appears, antivirus companies usually push updates to the software – by neglecting these updates, you risk your systems becoming more vulnerable.
Security tips: Having up-to-date software and antivirus is critical to safety monitoring. So, educate employees on the importance of regular software and antivirus updates.
#6 Not educating employees about cyber security
Security risk: Your remote employees can become your biggest weakness when it comes to cybersecurity. Their actions and “bad’ habits can jeopardise the security of your business without even realising it. So, to prevent the threats mentioned above, it’s important not to overlook the cyber security awareness training.
- Develop a security policy that will cover all possible attacks.
- Educate your employees about safe work practices.
- Encourage their cooperation, not just compliance.
Remote and hybrid working is here to stay! So, if you want to build a secure working environment for remote employees, advanced safeguards against cyberattacks and data breaches should be at the top of your priority list. And if you already have a safe security policy, you must be ready to update it regularly and educate your employees about new threats.
Content Creator at Service Desk Institute