With remote workers relying more on technology, cyber risks are rising while attention to security wanes
by: Dan Booth
In October, airports across the US reported coordinated cyberattacks on their public-facing websites. Although none of the attacks affected critical air traffic control or flight operations systems, the denial-of-service onslaught disrupted websites that travelers use to check flight timings and other information. Reportedly, a pro-Russian hacker group called ‘Killnet’ claimed responsibility for the attacks.
While the outcome of this breach was mostly an inconvenience for airline customers, it’s a reminder that with so much travel activity taking place in the digital realm, cybersecurity should be a top-of-mind issue for both business travelers and the companies they travel for. According to the Federal Bureau of Investigation, the US alone, cyber incidents in 2021 led to potential losses of at least $7 billion. Sadly, the latest attack also underscores the problem that, too often, these events only get attention after the fact.
Two years-plus into the global pandemic, the consequences of its disruptive impact is coming more into focus. One profound shift that is already having major long-term effects is the trend toward the distributed workforce and remote working. Entire cities shut down under the threat of the virus and businesses struggled to continue operations, driving stay-at-home employees to adopt more sophisticated technology to connect.
Now, with the return to something akin to normal, one thing that seems not to be returning is workers to the office – at least not in the numbers companies are accustomed to. Instead, employees are seizing on the flexibility and independence offered by work-from-anywhere. Some companies are embracing the new model, at least for part of the work week; others are pushing for their workforce to back to more traditional schedules.
“Nevertheless, the trend is clear,” noted Juta Gurinaviciute, chief technology officer at NordLayer, a business security solution. “Ever since the beginning of COVID-19, remote or hybrid work has become inevitable even in those companies that previously preached the importance of face-to-face interactions.”
Generational Differences The technology that is powering the remote work phenomenon may open the door to more mobility, but it may also leave the door open to cybersecurity threats. Internet accessibility and quality are a must for a person to be able to work from anywhere, but without the right risk management in place, employees who sign on from remote locations can be more vulnerable to cyberattacks.
The rise of remote and hybrid working environments is creating an expanded risk for cybersecurity failures, according to an analysis released by Ernst & Young. The 2022 EY Human Risk in Cybersecurity Survey also finds that human risk in particular is growing as younger digital natives, who spent most of their lives embracing technology, enter the workforce.
While three-quarters (76 percent) of the workers surveyed consider themselves knowledgeable about cybersecurity, those in younger generations – 58 percent of Gen Z and 42 percent of Millennials – are significantly more likely to disregard mandatory IT updates for as long as possible. The research also found 30 percent of Gen Z and 31 percent of Millennial workers are more likely to use the same password for both professional accounts and personal accounts. Plus younger generations are more likely to accept web browser cookies on their work-issued devices all the time or often, versus their older counterparts.
"This research should be a wake-up call for security leaders, CEOs and boards because the vast majority of cyber incidents trace back to a single individual," said Tapan Shah, consulting cybersecurity leader for EY Americas. "Human risk must be at the top of the security agenda with a focus on understanding employee behaviors."
To help educate global workers about the vulnerabilities – both virtual and real – NordLayer has developed a Global Remote Work Index to assess and compare the top countries for remote work, based on four criteria: Each country’s cybersecurity environment, economic and social conditions, digital and physical infrastructure, and COVID-19 response and handling. In all, the report evaluated 66 countries. The study found the top 10 countries for remote work are Germany, Denmark, the US, Spain, Lithuania, Netherlands, Sweden, Estonia, Singapore and France.
“The Global Remote Work Index puts emphasis on the safety and reliability of both the physical and digital environment,” Gurinaviciute said. “It also gave special attention to cybersecurity. In this regard, it is an excellent resource for remote employees who wish to relocate or work in a nation other than that of their current residence.”
Even for remote workers in countries that rank high in the NordLayer ranking, Gurinaviciute has some practical suggestions for staying secure: • Keep your personal and professional devices separate. The same goes for user accounts. Make sure all your software is up to date, and if you have only one device for both personal and work purposes, consider partitioning its hard drive. • Make sure your router is password protected and you use a reliable virtual private network to secure your Internet connection to reduce outsiders’ ability to intercept your data and target what you do online. If your company doesn’t use a business VPN, try subscribing to one of the user-friendly solution available for individual use. • Rethink your passwords. Never reuse old ones, but instead, create a unique password for every account. To safely store this vast number of passwords, start using a password manager.