Top 3 Cyber Security Risks Introduced by Remote Working

When an organisation introduces remote working, it inevitably introduces new and additional cyber security risks, including an increase in the organisation's overall attack surface. In this article we look at some of the top risks and how you can address them.

  1. Lost or stolen devices.
    Lost and stolen devices are one of the top reasons that organisations report data breaches to the UK Information Commissioner's Office (ICO). While it is no surprise that devices get lost, what is surprising is the number of organisations that fail to implement any form of control to mitigate this risk.

    What is the impact of this risk?
    Lost or stolen devices could potentially result in data loss, sensitive data ending up in the wrong hands, regulatory fines and contractual breaches.

    How can we mitigate this risk?
    1. Firstly, you should ensure that all of your devices are encrypted. For Windows devices you will need to enable BitLocker and implement strong authentication to ensure that only authorised individuals can access a device. For Apple devices you will need to enable FileVault. Mobile phones are slightly more complicated, which brings us onto the next point.
    2. All mobile devices, including laptops, phones and tablets, should be enrolled in a Mobile Device Management solution. This will enable you to quickly configure encryption policies across your devices, apply other components of secure configuration and also remotely wipe devices should they be lost or stolen.
    3. Increase the security awareness of your staff by communicating remote working procedures and ensuring that they are securely storing business assets when they’re off site.

  2. Office-centric Network Security
    When working in the office, devices are often subject to a number of different security controls, including Network Firewalls, Intrusion Prevention Systems and Web Filtering. If users are working remotely, unless they’re connecting back to the office network via a VPN or utilising a Secure Access Service Edge (SASE) solution, they’re suddenly far more exposed than they were before. It is very important that organisations begin to adopt an approach that sees security controls deployed to end user devices or as close to them as possible.

    What is the impact of this risk?
    The reduced coverage of security controls means your users and their devices are more susceptible to malware and phishing attacks. Additionally, users may inadvertently connect to unsecured wireless networks. The impact of these attacks could result in operational downtime, reputational damage, fraud and theft, regulatory fines and contractual breaches.

    How can we mitigate this risk?
    1. Review your security controls and ensure that you have centrally managed security deployed to the device itself. Further guidance can be found in our article Effective Security Controls to Protect Remote Workers.
    2. Deploy a Secure Access Service Edge (SASE) agent to end user devices. SASE solutions route network traffic via cloud-based network security stacks.
    3. Deploy VPN agents to your end user devices and route traffic via the security controls on your office network or datacentre. Ensure you understand the potential capacity impact that this could have before implementing such measures.

  3. Weak Configuration
    Weak configuration can expose your devices to increased levels of risk, e.g. default firewall rule sets exposing non-essential network services, inadequate device lockout policies etc. Devices should always have a secure configuration applied and this will differ for mobile devices that are taken out of the office. When a device is taken outside of an office, your security perimeter changes from the network boundary of the office to the device itself, so it is important that this is taken into consideration when applying device configuration.

    What is the impact of this risk?
    Weak configuration could expose devices to significant risks, e.g. exposing SMB port 445. This increases the risk of devices being exploited on unsecured networks and could also potentially allow users to browse the web, bypassing VPNs and agent-based network security controls installed on a device. The impact of this could result in operational downtime, reputational damage, fraud and theft, regulatory fines and contractual breaches.

    How can we mitigate this risk?
    1. Develop a Baseline document for the secure configuration of your devices, taking into account the risks of mobile working.
    2. Review best practice configuration for each device type. For Windows-based devices, Microsoft offers Security Baselines which you can download to review, tweak and roll out via Group Policy or a Mobile Device Management solution.
    3. Test configurations and roll them out gradually across your user base.
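
As an added example (not part of the original article), the script below spot-checks a single Windows laptop against the points above: BitLocker on the OS volume, firewall profiles enabled, and no inbound rule opening SMB port 445 on public networks. It assumes an elevated PowerShell session on Windows 10/11 with the built-in BitLocker and NetSecurity modules, and it only reads settings.

```powershell
# Added example (not from the article): read-only spot check of one Windows laptop.
# Assumptions: elevated session; BitLocker and NetSecurity modules present (Windows 10/11).
$findings = [System.Collections.Generic.List[string]]::new()

# Risk 1, lost or stolen devices: the OS volume should be fully encrypted with protection on.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($vol.ProtectionStatus -ne 'On' -or $vol.VolumeStatus -ne 'FullyEncrypted') {
    $findings.Add("BitLocker ${env:SystemDrive} protection=$($vol.ProtectionStatus) status=$($vol.VolumeStatus)")
}

# Risk 3, weak configuration: every firewall profile enabled, inbound not allowed by default.
# ActiveStore is the effective policy, including settings pushed by Group Policy or MDM.
foreach ($fw in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($fw.Enabled -ne 'True') {
        $findings.Add("Firewall profile '$($fw.Name)' is disabled")
    }
    if ($fw.DefaultInboundAction -eq 'Allow') {
        $findings.Add("Firewall profile '$($fw.Name)' allows inbound traffic by default")
    }
}

# Risk 3 again: enabled inbound allow rules that open SMB (TCP 445) on untrusted networks.
# Only rules naming port 445 explicitly are matched; ranges and 'Any' are not expanded.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow
foreach ($rule in $rules) {
    $appliesOffsite = "$($rule.Profile)" -match 'Any|Public'
    $port = $rule | Get-NetFirewallPortFilter
    if ($appliesOffsite -and $port.Protocol -eq 'TCP' -and $port.LocalPort -contains '445') {
        $findings.Add("Inbound SMB allowed on Public networks by rule '$($rule.DisplayName)'")
    }
}

if ($findings.Count -eq 0) { 'No findings for the checks performed.' } else { $findings }
```

Any finding it prints is a gap to close in the baseline before the configuration is rolled out more widely.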