Remote working has opened opportunities for employees to explore new environments and approaches to work. For people who don't like the monotony and loneliness associated with working from home, cafés, parks, and libraries provide new sceneries that may help them get the motivation they need.
However, while working in public places can be convenient and helpful for productivity, it brings more security risks than working from home or in the office. As a consequence, your business network may be put in jeopardy.
How do you ensure safety in your remote workplace amid the threats?
Here at ITS, we’ve been helping hundreds of businesses bolster their network defenses for nearly twenty years. As a Managed IT Service Provider (MSP), we’ve also seen the massive paradigm shift in the work culture, from on-site to remote, and were able to help clients transition smoothly and securely.
Therefore, in this article, we’ll go over the following:
- Security risks and concerns your team may have to deal with when working remotely
- Security measures you can implement to help avoid them
What are the security risks of working in a public place?
We’ve talked with Kyle Ramirez, Technical Sales Engineer from ITS San Francisco, regarding the matter:
He stated, “When the pandemic started, we were all forced to work from the comfort of our homes. That’s kind of okay because we were on our home networks, and we know the devices that are there. But as things started to open back up due to the easing of restrictions, people started going out to work from anywhere, especially in cafes.”
That’s where the danger lies. Below are three of the most common security risks of working in a public place.
1. Unsecured internet connection
One of the reasons employees love going to public places to work is the free Wi-Fi. Some people connect to it without much thought. Others may resort to using it when they run low on data or suddenly have an unstable connection to their mobile hotspot.
“But perhaps the main reason people were presented with this culture was that although the offices were still not open, people were already allowed to leave their homes after being locked up for so long. That is why many people brought their work laptops to cafes and accessed company resources through the café's Wi-Fi.” Ramirez said.
And while it’s okay to use free Wi-Fi to watch YouTube videos and read news, connecting to it while handling work data can lead to cybersecurity risks.
“The question here is how well they know the network. Because most probably, these people don't. They don't know the type of network they're on, don't know the network security, and most importantly, they don't know who else is on the network.” Ramirez continued.
He mentioned the three levels of network security: low, medium, and high.
Connecting to a low-security environment could easily put your entire business data at risk. A study by Kaspersky Security Network shows that nearly 25% of public Wi-Fi hotspots don't have encryption. This makes it easy for anyone near an access point to intercept, store user traffics, and steal critical data. Since it is likely a public network, there are no defense services in place, so anyone can connect to it and cause harm to unsuspecting victims.
On the other hand, medium to high-security networks may not be a risk from a security standpoint, but there is a danger to data privacy. This is because the networks at this level have the ability to decrypt your network and look into your traffic. So, it's not about your computer getting hacked but the uncertainties of what's happening with your company data while you're connected to the network.
2. Evil Twin Attacks
Taking from the above points, this type of attack occurs when a cybercriminal gets unauthorized access to a public network. Evil Twin attacks take place when hackers set up fake Wi-Fi points that imitate legitimate networks to access user data, including login credentials.
For example, hackers will create a Wi-Fi network named ‘Hotel Lobby Free Wi-Fi’ to attract potential victims who will connect to the fake network and enter information on a captive portal page.
3. Traditional theft
When working, it is natural for employees to stand up at times to go to the bathroom or buy drinks, leaving their laptops unattended for a few minutes. This makes the equipment vulnerable to theft.
Additionally, if a team member forgets to log off from the laptop while they’re away, the data on the screen can be seen by unauthorized eyes.
What can you do to avoid these security risks?
To steer clear of these risks, you and your team can employ the following security measures:
1. Have a personal hotspot device
“The best option for people who want to work from a cafe, or any public place, is to have a personal hotspot device. Typically, phone plans will allow a little bit of personal hotspot usage, but it will eventually slow the phone down. What you can do is have a whole separate device dedicated to the hotspot. That way, you're certain that you're the only one on your network.” Ramirez explained.
2. Use a VPN
In events where you have no choice but to connect to a public network, a Virtual Private Network or a VPN may help save the day.
VPN allows employees to log on to a company network securely from anywhere without compromising your company's security. It encrypts their connection and hides their IP addresses, making their data incomprehensible to cyber attackers and limiting threats to your business even if they’re using public Wi-Fi.
But there are a few reservations here. According to Ramirez,
“If you’re on a low-security network, the VPN is not going to prevent your computer from being hacked. Ensure that you know the network and are subscribed to a really good business VPN.”
3. Have a centralized storage service
Instead of relying on local file storage, invest in cloud storage for your employees. This solution offers better protection for your files as firewalls secure the storage. It also prevents compromised data in case a team member's work laptop gets stolen or lost since the files are saved and backed up on an external device.
4. Install a comprehensive cybersecurity solution
Ramirez enumerated the cybersecurity solutions businesses can execute to ensure a robust network defense.
“If you absolutely need to work in a public place, get your team a complete cybersecurity suite that can defend you against phishing scams, malware, viruses, zero-day attacks, and trojans.
Implement Endpoint Detection and Response (EDR) solutions, use a business VPN, install anti-virus and support it with security software such as Huntress.”
5. Educate employees and implement strict WFH security policies
In a study by IBM, human error was identified as the main reason for 95% of data breaches. Hackers are aware of this fact and have been more aggressive in leveraging human weaknesses to steal data from employees and businesses unprepared to implement remote working.
You can help prevent a team member’s mistakes by conducting frequent training on cybersecurity. Give notifications for periodic password changes, educate them on how to detect suspicious emails and links, and provide instructions on how to proceed in case of possible intrusion.
Make sure to develop security policies that your organization should follow. You can require them to employ multi-factor authentication (MFA) or use strong passwords when logging in to their accounts.
Watch this video to know what an MFA is and why is it important:
6. Provide laptop cable locks
A laptop cable lock is a tool that anchors your laptop to a table or any fixed structure to prevent theft. A user can attach one end to their laptop's lock slot and the other to the table to physically secure their equipment. Some cable locks come with keys, while others have four-digit password protection.
Ready to be free from security risks in remote work?
As businesses now see and reap the benefits of remote working, the permanence of it may not be too far off. That being the case, cybersecurity should be all the more enhanced. As a recap, here are the security risks of working in a public place:
- Unsecured internet connection
- Evil Twin Attacks
- Traditional theft
And here are the solutions to avoid them:
- Have a personal hotspot device
- Use a VPN
- Have a centralized storage service
- Install a comprehensive cybersecurity solution
- Educate employees and implement strict WFH security policies
- Provide laptop cable locks
At ITS, we’ve helped our clients protect their business data against plenty of security risks amid remote work. If you want to empower your business to adapt to the new normal, this e-book will help.