The IT Nerd

As more companies embrace remote work and “workations” during the summer,  a cybersecurity expert warns that swapping the office for scenic views could put corporate data at serious risk

Businesses are adopting mixed work models, and summer is the perfect time to embrace greater workplace flexibility. However, when employees swap the office for a more relaxing setting, it can expose enterprises to additional cybersecurity risks — and, without proper measures, increase the likelihood of a data breach.

A survey by DayForce has found that 41% of employees feel they’re less productive in the summer, and 58% stated that their employer offers some type of flexibility during this time, including increased work-from-home or work-from-anywhere options. According to Andrius Buinovskis, a cybersecurity expert at NordLayer, a toggle-ready cybersecurity platform for business, while employees might appreciate the added benefits, enterprises mustn’t underestimate the risks behind such perks.

“Many companies offer mixed working models, such as remote or hybrid working. Work from anywhere or ‘workations’ allowing employees to work from abroad have also gained popularity,” says Buinovskis. “This additional flexibility is a great bonus for employees. However, businesses mustn’t offer it to employees without knowing the risks. Remote work opens the door for an array of security vulnerabilities, which, if exploited, can lead to devastating data breaches, resulting in reputational and financial loss.”

The main cybersecurity risks

Buinovskis explains that the most common threat from remote work comes from using unsecured public networks. Cybercriminals can intercept Wi-Fi to steal employee credentials, install malware, or hijack accounts.

“Employees that change their routines are more likely to reduce VPN usage due to distractions. Due to their unfamiliarity with the environment, they’re also an attractive target for scammers, and their lack of vigilance can make them more likely to fall for phishing scams in general,” says Buinovskis. “Additionally, employees may be asked to share more personal data in countries with fewer GDPR restrictions, increasing the risk of misuse. Another major concern is that if they use  personal devices, those devices lack centralized security, may run outdated software, and are more vulnerable to attacks.”

He emphasizes that personal devices offer less physical security than company-issued hardware since friends and family members can access them. While travelling, work devices are also at a greater risk, as they may be lost or stolen. If that happens, the information stored on these devices could be misused, and according to Buinovskis, just one compromised device or account is enough to trigger a significant data breach.

How to ensure cybersecurity while maintaining flexibility

Even though remote work models come with cybersecurity challenges, it doesn’t mean that businesses should abandon these perks altogether. According to Buinovskis, the main cybersecurity measures companies should implement to ensure that their data is protected include:

●       Strong network encryption. It secures data in transit, transforming it into an unreadable format and safeguarding it from potential attackers.

●       Password management policies. Hackers can easily target and compromise accounts protected by weak, reused, or easy-to-access passwords. Enforcing strict password management policies requiring unique, long, and complex passwords, and educating employees on how to store them securely minimizes the possibility of falling victim to cybercriminals.

●       Multi-factor authentication. Access controls, like multi-factor authentication, make it more difficult for cybercriminals to access accounts with stolen credentials, adding a layer of protection.

●       Zero trust architecture. The constant verification process of all devices and users trying to access the network significantly reduces the possibility of a hacker successfully infiltrating the business.

●       Network segmentation. If a bad actor does manage to infiltrate the network, ensuring it’s segmented helps to minimize the potential damage. Not granting all employees access to the whole network and limiting it to the parts essential for their work helps reduce the scope of the data an infiltrator can access.

“High observability into employee activity and centralized security are crucial for defending against remote work-related cyber threats, especially because personal devices and unauthorized applications greatly expand a company’s attack surface,” Buinovskis says. “Given the real risk of data breaches and the financial and reputational damage they could potentially cause, overlooking security gaps is a serious gamble that isn’t worth taking.”

Buinovskis also emphasizes that employees are often the weakest link in a company’s cybersecurity. Cybersecurity awareness training is essential to minimize the risk of data breaches — regardless of the work model. This training should cover how to recognize phishing scams, the risks of using public Wi-Fi, and effective password management practices.

ABOUT NORDLAYER

NordLayer offers reliable connection, protection, threat detection, and response for businesses needing strong network security. Built on NordVPN standards, NordLayer is a trusted cybersecurity platform that integrates easily with any network and technology stack, all with unmatched support. NordLayer is part of the cybersecurity powerhouse Nord Security. For more information: https://nordlayer.com/