Remote Workers Can Increase Cyber Threat to Employers

Cybersecurity is a growing issue as more companies require their employees to work remotely as a precaution against spreading the coronavirus.

It’s one thing to say that workers will work remotely, and access sensitive and confidential information via the internet. It’s quite another to be able to assure executive management that information is protected and compliance mandates are met, according to Janco Associates.

Janco’s Victor Janulaitis

“In talking with a number of our clients, as they rushed to allow a greater percentage of their employees to work from home, we highlighted several risks small and midsized companies faced,” said Janco CEO Victor Janulaitis. “The risks ranged from a more complicated record management, destruction and retention process to exposure of confidential and sensitive information to individuals within the companies that did not know what they could not do with that information.”

Getting telecommuting going is not as difficult as it may sound, he said. What is an issue is the volume of sensitive and confidential information that will be exposed without the proper infrastructure to protects those corporate assets, he said.

Bitdefender’s Liviu Arsene

Liviu Arsene, global cybersecurity researcher at Bitdefender, tells us remote workers can severely increase the risk of suffering breaches or inadvertent data leaks if their employer has inadequate security procedures involving access and handing of critical customer data.

“For example, an employee using his/her work laptop at home may use it for private activities, or even share it with family members,” he said. “Inadvertently copy-pasting sensitive data into the wrong window, installing an unsanctioned applicationor using an unsecure internet connection are just a few scenarios where an employee could pose security risks that could lead to compromise of on-device data or company infrastructure.”

Surveys have shown as much as half of SMBs have suffered a cyberattack within a single year, and that a data breach can be devastating, even potentially leading to the business’s permanent shutdown, Arsene said.

“Allowing remote employees to connect to and access critical infrastructure without having proper authorization, authentication and accountability in place significantly increases the risk of cybercriminals misusing that access,” he said. “The current cybersecurity skills shortage coupled with small cybersecurity budgets and the security challenges brought forward by remote employees can spell disaster for SMBs.”

SMBs that face the challenge of fortifying security while supporting remote employees can confidently turn to MSPs and MSSPs for expertise, support and 24/7 reliability in terms of deploying the right tools and procedures at a fraction of cost, Arsene said. Investing in an in-house cybersecurity team can drive operational costs well beyond the comfort zone of SMBs, while partnering with managed service or security service providers offers the same benefits with minimum expenses, he said.

“Another option that SMBs have is relying on managed detection and response (MDR) services that act as security operations center (SOC)-as-a-service,” he said. “Security operation centers are something that only large organizations have traditionally been able to afford for threat hunting of advanced and sophisticated intruders. However, through MDR, SMBs can also defend themselves…