With varying rules surrounding lockdown throughout the UK and across the globe, working from the office has become almost an anomaly as millions work from home. With remote working now being commonplace, additional pressure has been placed on IT and security teams to ensure that employee productivity can remain as high as it was in the office, whilst ensuring that employee and corporate data is kept as secure as possible.
There is a fine line when it comes to achieving a balance between productivity and security and this has become more difficult with remote workers, as many organisations have little visibility or control over what employees are doing on corporate smartphones and laptops once they are out of the office. When it comes to Bring-Your-Own-Device (BYOD), this becomes an even greater problem.
Do Remote Workers Pose A Greater Cybersecurity Risk Than Working In The Office?
NetMotion recently looked at anonymised network traffic data, concentrating on risky content – of users attempting to access URLs that have been blocked or flagged. The data that they looked at spanned May 30th – June 24th of 2020, revealing that employees clicked on 76,440 links that took them to potentially dangerous websites. All of the sites that were analysed were visited on work-assigned devices when using, home Wi-Fi, public Wi-Fi, or a cellular network connection.
Remote Workers and Risky Links
Types of risky links remote workers attempt to access
(count = 76,440)
- Employees, on average, encounter 8.5 risky URLs per day, or 59 per week
- Remote workers access around 31 malware sites per month, and 10 phishing domains. That equates to one malware site every day, and one phishing domain every 3 days
- Over a quarter of the high-risk URLs visited by employees were related to botnets
- Almost 1 in 5 risky links led to sites that contain spam, adware, or malware
- Phishing and fraud, which are often the focus of many news stories, accounted for only 4% of the URLs visited
- The ‘other’ category, representing 51% of the data in the chart above, is made up of ‘low-severity’ risky content, such as websites that use proxies, translations and other methods that circumvent URL filtering or monitoring.
Why Are Risky Links a Threat?
Most common types of high risk URLs encountered (%)
Botnets – Whilst botnets are extremely prevalent, they rarely visibly impact individual visitors. However, botnets can compromise devices, placing them under remote control from outside parties. Botnets can utilise thousands of devices to perform Denial of Service (DoS) attacks, whilst botnets such as MasterMana perform sophisticating phishing attacks. As a result, organisations should deter users from accessing sites which would expose them to such risks.
Malware – Malware is a major threat to businesses, particularly ransomware which has been running rampant this year. Ransomware attacks have risen dramatically in recent times. An Israeli software company was forced to pay $250,000 in Bitcoin to hackers in June 2020, whilst a serious cyberattack on Hackney Council in October 2020 bears the hallmarks of a ransomware attack. With a quarter of all risky traffic accessed by employees being to a site that is suspected of harbouring malware, organisations are at risk of being exposed to a malware attack that could have serious consequences.
Spam and adware – Less severe in terms of the damage they can do to a business, but spam and adware are still a widespread threat that IT teams must deal with. Anything from bloatware that slows down machines to invasive data-gathering scripts can cripple employee productivity, as well as potentially providing access of sensitive data to unknown entities. Security teams would not allow such traffic to pass through corporate networks, and the same should be true when employees are remote working.
Phishing – one of the fastest growing social engineering threats, phishing is a popular option due to its simplicity. Exploiting a watertight OS or hunting for zero-day vulnerabilities can be bypassed by hackers by focusing on a softer target – employees. Data can be extracted by producing convincing fake websites for platforms such as Office365, PayPal and LinkedIn. If employees are tricked into using these phoney sites, hackers can use stolen credentials to access important assets and data.
How Can We Help?
Ensuring that remote workers are protected has never been so important. We can work with you to understand your business needs, ensuring that your data and employees are secure no matter where they are working. Get in touch to find out more.