There are a lot of things we might miss about life before the pandemic. We may miss being able to walk around barefaced everywhere we go. We may still miss hanging with a larger group of friends or going to a restaurant with a large party, or just sitting in a crowded bar, or at a crowded concert.
For longer than most of us ever expected, life has just looked very different. However, not every change was a bad one and one of the things that most people don’t miss is going into the office to get their jobs done.
Remote work has risen exponentially since the beginning of the pandemic. Working from home was a trend already on the rise, but now it’s the accepted norm, and it isn’t going away any time soon. In 2020, 62% of the American workforce began working from home (49% for the first time ever.)
Studies show that while the vast majority of remote employees are pleased with the change from office to home, the majority also face new challenges that didn’t exist at the office. One of the most threatening and common challenges is that of cyber attacks.
The fact is that remote work has created an environment ripe for cyber security breaches. According to the FBI, cyber crimes rose by 300% in early 2020. Studies also show that attacks specifically targeting remote employees rose by 5x within the first 6 weeks of quarantines. Twenty percent of companies also report cyber security breaches which could be linked back to their remote employees.
These security breaches could come from a number of types of attacks including phishing, which was up by 600%, ransomware (up by 148%), malware activity (up by 128%), botnet traffic (up by 29%), and attacks on IOT devices (up by 13%.)
Some of the top factors that increase the risk of cyber attacks come from employees using their personal devices, which may not have security protocols in place. Statistically, 56% of employees use their personal devices, but 25% have no idea what security protocols those devices include. Another factor is the sudden, dramatic increase in the use of video conferencing tools, like Zoom, and other collaborative apps.
These programs can be easily hacked and cyber criminals can also glean usernames and passwords, which are often reused elsewhere. The other two top risk factors are home networks and remote access to company networlds.
Home networks are often unsecure, or they have spotty WiFi, which also weakens security. While most companies are satisfied with their in-house security, employees are no longer “in-house” and companies’ legacy systems are not designed for the influx of remote connections.
The responsibility for security isn’t just on the employees though. Some companies do give their employees security tips. The top security tips are to be wary of suspicious emails, attachments, or pop-ups; to ensure that antivirus software is activated; and to keep software patched and up to date.
These tips are beneficial and 75% of employees are likely to follow security protocols given by their employers, however, 20% of employees who were new to remote work, received no security tips at all. Some reasons for this is that the shift from office to remote was so sudden, and IT departments had very little time to prepare and plan.
Still, regardless of how well we’re catching up, or how prepared we are, cyber criminals are not going to let up. They’re taking advantage of this moment of added weakness. Unfortunately, with all the new factors of remote work, 76% of companies say that breaches will take longer to detect and to contain, and 70% also say that the cost of breaches to companies will only increase.
One kind of answer to the problem, which 60% of employers have implemented, is multi-factor authentication (MFA.) This security protocol does prevent 95% of all bulk phishing attempts and 75% of targeted attacks, however, it is not a perfect solution. Usernames and passwords are still too easily hacked, and employees have a tendency to reuse their login info for other programs. Sixty-three percent of data breaches take advantage of reused credentials.
A better solution is a passwordless authentication. Passwordless security completely removes passwords and replaces them with biometrics and cryptography. It also uses risk-based authentication, which means that every user and every device is checked for risk signals. Also, no out-of-band messages means there’s nothing to intercept. Passwordless security is the solution that rises to meet the security challenges of the new normal.