During the COVID-19 pandemic, many employees and employers alike discovered that remote work could be just as productive. It’s estimated that 20 to 25 percent of the workforce in advanced economies could work remotely three to five days a week without a loss of productivity.
But remote work isnâ€™t without its downsides especially when it happens in public places and the security risks associated with it are among them. Letâ€™s take a closer look at these risks and explain how to avoid them.
Public Wi-Fi Networks
Remote workers are attracted to places that offer free public Wi-Fi like flies are attracted to honey because they canâ€™t do their work without internet access. What they sometimes donâ€™t realize is that not all public Wi-Fi networks are as sweet as they appear to be.
Itâ€™s a fairly common practice for cybercriminals to set up so-called Wi-Fi honeypots in highly trafficked areas, such as airports, shopping malls, and public libraries.
A Wi-Fi honeypot is essentially a malicious wireless hotspot created to steal sensitive information.
Not realizing their malicious nature, remote workers connect to Wi-Fi honeypots to obtain access to the internet, allowing the attackers behind them to see what they do online, read unencrypted information, and redirect them to credential-stealing websites.
How to Stay Safe from WiFi Honeypots
Since itâ€™s virtually impossible for the average employee to reliably distinguish legitimate public Wi-Fi networks from those that are malicious, itâ€™s best to avoid them altogether.
Instead of relying on public Wi-Fi, employees should be encouraged to use their smartphones to create their mobile hotspots. Both Android and iOS devices make this easy.
When a fast cellular data connection isnâ€™t available to create a personal mobile hotspot and public Wi-Fi is the only option, then itâ€™s paramount to encrypt all online traffic so that even if someone manages to intercept it, they wonâ€™t be able to make sense of it.
Fortunately, modern remote desktop solutions like Microsoftâ€™s Remote Desktop Protocol (RDP) enable strong encryption by default. Organizations can also deploy a virtual private network (VPN) solution to make it possible for employees to safely connect to specific servers.
Device Theft and Loss
For obvious reasons, employees who are working in various public places are much more likely to experience device theft and loss than those who spend most of their time in the office, with security cameras and sometimes even security guards keeping them and their belongings safe.
The financial loss associated with a stolen or lost device is always unpleasant for the employee who purchased the device for himself/herself or the organization that provided it, but it pales in comparison with the potential financial impact of the resulting data breach.
How to Stay Safe from Device Theft
Unfortunately, itâ€™s not possible to reliably prevent device theft and loss. Whatâ€™s possible, however, is to minimize their negative consequences by encrypting all employee devices to ensure they can be used only as paperweights.
The good news is that laptops running Windows and macOS and mobile devices running Android and iOS support full-disk or file-based encryption out of the box. Once encrypted, their content can be accessed only after the correct password is entered.
To keep track of employeesâ€™ devices, organizations can deploy mobile device management (MDM) solutions like Microsoft Intune, a cloud-based management tool for mobile devices with support for Windows, macOS, Android, and iOS. With Intune, itâ€™s possible to remotely see all enrolled devices from one place, configure their security settings (including encryption), and remove organization data if a device is lost, stolen, or not used anymore.
Shoulder surfing is a frequently underestimated security risk that all employees working in public places need to keep in mind. It describes a situation where the attacker is physically so close to the victim that they can obtain sensitive information just by looking at their device screen and/or keyboard.
One example of shoulder surfing is if an employee is doing work at a coffee shop and someone sitting right next to them sees their email address and password. The opportunistic criminal can then simply write the password down and later use it to access the victimâ€™s inbox.
Of course, shoulder surfing attacks can also be deliberate. For example, a determined criminal could set their sights on a specific employee, such as someone who regularly visits the same public place to do work, and shoulder surfs them for hours and hours.
How to Stay Safe from Shoulder Surfers
Shoulder surfing is one of those cybersecurity threats that are best addressed with cybersecurity awareness training just like phishing.
Employees need to understand not just that the threat exists, but also need to know how little it takes for it to result in a major data breach. To protect themselves, they need to:
- Always be aware of their surroundings.
- Avoid sitting with their backs to other people.
- Find a private place whenever possible.
- Lock their devices when leaving them unattended.
- Be extra careful when entering passwords.
Itâ€™s also worth mentioning that special privacy screen protectors and filters for laptops, tablets, and smartphones can be purchased online and installed in minutes to darken the screen at a certain viewing angle, making it nearly impossible for strangers to steal sensitive information.
Itâ€™s Time to Take Remote Work Security Seriously
These days, work happens from many locations and devicesâ€¦
The problem is that some locations, such as airport lounges, coffee shops, and co-working spaces come with their security risks, and itâ€™s important to take them seriously otherwise they could lead to a costly cybersecurity incident.
If youâ€™re interested in implementing the solutions described in this article to improve the cybersecurity posture of your organization, schedule a meeting with us at MTS IT.