Remote work offers many advantages – from convenience for workers to reduced office costs for employers. However, remote work also complicates cybersecurity. As remote and hybrid arrangements become solidified in UK work culture, employers are having to contend with what this means for cyber risks.
Remote Work Is Expanding
Startups surveyed 546 business owners in late 2023 and found that 66% were offering flexible working, whereas just 28% had workers in the office on a full-time basis. Furthermore, 14% of UK businesses say they’re planning to increase the number of days their staff can work remotely in 2024, whereas only 6% say they’re planning to require workers to come into the office more.
What began as a necessity to deal with the COVID-19 pandemic has become a way of life for many workers. Remote arrangements allow workers to cut out commutes and enjoy the benefits of workplace flexibility. This may also be good for employers, who cut back on office costs and increase employee satisfaction. However, it’s important to address the elephant in the room: cybersecurity.
Cybersecurity Is a Serious Challenge
Phishing, ransomware, business email compromise, and other cyberattacks are a significant threat to businesses. In the Cyber Security Breaches Survey, 32% of businesses said they had experienced a cyber breach or attack in the last 12 months.
These attacks are often devastating. A report from the Royal United Services Institute shows the many ways ransomware can do harm, which include financial loss, damage to digital systems, and deterioration of client trust as well as stress and job loss for workers. The report even found that cyberattacks may have traumatic psychological effects on victims.
Unfortunately, the situation is likely to become worse. According to the National Cyber Security Centre, artificial intelligence is expected to lead to an increase in cyberattacks over the next two years.
To reduce the risks of cyberattacks, businesses should leverage a wide range of tactics that encompass IT controls as well as cyber-smart practices and worker training. However, remote work makes this more complicated.
How Remote Work Impacts Cybersecurity
Remote work is not always a cybersecurity risk, but it may contribute to increased risks for a number of reasons:
• Remote workers may not be using secure connections. For example, they may work from coffee shops with public Wi-Fi or use a home Wi-Fi setup that is not password protected and that neighbors and passersby can access.
• Physical devices may get lost in transport. Laptops and flash drives become security risks if they are lost, stolen, or otherwise fall into the wrong hands. The risk of misplaced devices increases if workers regularly transport devices between home and work or other locations.
• Remote workers may mix personal and professional computer use. For example, a worker may use a personal computer to access business accounts, or vice versa. This may create additional cyber exposures if the personal devices or accounts are not secure. Although this may happen in the office, it is more likely to happen at home.
• Remote workers may be more vulnerable to social engineering. Imagine an HR professional receives an email from a coworker who says he has a new bank account for salary deposits. If the coworker is just down the hall, it’s easy to confirm this in person. When working remotely, confirmation is more of a hassle, which may leave companies vulnerable to payroll diversion and other social engineering scams.
• Hackers can exploit Remote Desktop Protocol (RDP). RDP allows individuals to access devices remotely. Whereas this may be convenient for remote work, it may also create an opening for hackers.
How Brokers Can Help Clients
As business clients continue to adapt to remote work, brokers can help them navigate growing cybersecurity risks. In addition to offering cyber insurance, brokers can provide:
• Tips on how to set up secure computer systems, Wi-Fi networks, and RDP.
• Resources for worker training and education, including for cybersecurity.
• Guidance around cybersecurity policies for remote workers, including rules on network security.
• Alerts on new attacks and vulnerabilities in the news.
The National Cyber Security Centre offers some resources for small businesses. Insurance carriers may also provide resources.
Do you need help securing cyber insurance for your clients? Costero offers commercial cyber insurance covering response costs, reputational harm, system damage, and business interruption.
To Learn more, please contact Divisional Director of Costero’s Cyber Division:
Email: Jonathan.Olley@costerobrokers.com
Direct Line: +44 (0)20 8051 5162
Mobile: 07792592533