Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

Leadership

Meet the MetaCompliance Leadership Team

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Cyber Security Risks of Remote Working

Cyber Security Risks Of Remote Working

about the author

Share this post

In recent years, the rise of remote work has transformed the traditional office landscape, offering unprecedented flexibility and convenience. However, this shift to remote work comes with its own set of challenges, particularly in the realm of cyber security. As organisations adapt to the virtual workplace, they must be vigilant in identifying and addressing the various cyber security risks that can compromise sensitive information and undermine the integrity of their operations.

Here MetaCompliance explores some of the problems that home working brings to the cyber security table and what to do to close the door on remote work security challenges.

The Problem with Remote Working and Security

  • A poll of 1,000 British firms by the British Chambers of Commerce (BCC) and Cisco found that more than half of firms felt exposed to cyber security risk through home working.
  • According to one report, 20% of organisations believe a data breach occurred because of a remote worker.
  • The Verizon Mobile Security Index report found that 79% of respondents are concerned that changes to working practices harm an organisation’s cyber security posture. The report also highlights the issue of mobile device security and remote working, with 52% of respondents admitting to sacrificing the security of mobile devices (and IoT devices) to “get the job done”.
  • Cyber security policies are also being affected to allow remote workers to do their job unimpeded. A survey found that 26% of UK companies surveyed had relaxed their cyber security policy to enable employees to work remotely more easily.

Where Are the Security Risks when Working from Home?

Employees working from home or remotely brings new risks into play; these are typically not unknown risks. Areas where cyber-risk creeps in include:

Personal Devices

A UK Government DCMS “Cyber Security Breaches Survey 2022” shows that 45% of businesses allow employees to use personal devices such as laptops to carry out work-related tasks. The problem with this arises when there is no oversight or control of the device.

For example, if a device is used to send and receive business emails, are you sure that received emails are not phishing attacks or a scam?

Similarly, suppose your IT team is unable to ensure that mobile devices are updated and patched. In that case, security risks can creep in, leak data, and malware can enter your corporate network.

Unsecured Home Devices and Networks

Insecure home networks can become an entry route for cybercriminals and lead to sensitive data exposure. Cybercriminals scan the internet for unsecured networks, and any security gaps will be exploited, including default passwords on IoT devices and Wi-Fi or unpatched routers.

Similarly, Wi-Fi printers should not be overlooked. An insecure connection to a Wi-Fi printer also opens the door to a cybercriminal. Again, printer vulnerabilities can lead to an exposed home network. A Quocirca Print Security Landscape 2022 study found that 68% of companies suffered data losses because of print-related insecurities.

Internet Use and Non-Compliant Behaviour

The adage “out of sight, out of mind” sums up how changes in behaviours and internet use when an employee is in their home lead to insecurities. An Avanti report found that 66% of IT professionals reported increased security issues caused by online remote working. Security issues included malicious emails, non-compliant employee behaviour, and software vulnerabilities.

A further study into the security behaviours of remote workforces found that risky behaviour was more prevalent in homework environments, with issues such as leaving a computer unlocked when left unattended. The study was performed during the Covid-19 pandemic and concluded the need for “wellbeing and educational measures to help those at risk of PIU (problematic internet use) become more aware of how to spot the types of cybercrimes related to COVID-19.

Shared Spaces

Risky behaviour, such as leaving sensitive emails and documents open on a computer left unattended, can open security risks in shared homes. Shared spaces can turn into shared devices, and if those devices are logged into a corporate app or network, this can leave an organisation open to regulatory non-compliance or vulnerable to cyber attacks. Security concerns for remote working should also include co-working spaces – one study found that 23% of workers in coworking spaces had security concerns.

What Security Measures Can Help Secure Home-Based and Remote Workers?

There are several things that an organisation can do to help improve the security of its workforce for home working:

Supply a VPN

A virtual private network or VPN is a valuable tool that provides a secure connection between a user and a network/internet. For example, an employee with a correctly configured VPN can send and receive emails and other data security. A VPN will protect any data traffic, even if the home network is insecure. You can learn more about the benefits of using a VPN in our blog post, “3 Reasons Why You Need A Secure VPN.”

Security Awareness Training that Covers Home Workers

An October 2022 UK Parliament POST brief on “The impact of remote and hybrid working on workers and organisations” concludes:

Research suggests that cyber security challenges can arise from inadequate training and decreased levels of employee compliance with information security policy due to a lack of organisational support.

A home-work environment has unique challenges, and Security Awareness Training must reflect this. Therefore, ensure that your Security Awareness Training program focuses on home working and security needs. Typical areas that Security Awareness Training should educate home workers on include:

  • Be aware of leaving sensitive information open on the screen.
  • Don’t remain logged in to apps when away from a workspace.
  • Password hygiene and clean desk policies.
  • Keep work and personal devices separate wherever possible.
  • The importance of using a VPN.
  • Their role in protecting data.
  • Keeping devices and software up to date.
  • Following security policies, even at home.

Apply Robust Access Control Policies

Home and remote working access to corporate apps and the network must be managed using principles such as least privilege access. However, robust access control must also become part of the general home office.

For example, device access must be protected using a biometric or strong PIN. Similarly, access to a home working computer must have robust access controls with biometric or strong password controls. App access should be enforced using two-factor authentication (2FA).

Secure Wi-Fi

Even with a VPN, Wi-Fi should be made secure as a best practice. To secure a Wi-Fi network, create a secure Wi-Fi education pack to ensure that employees have the details needed to:

  • Change the default Wi-Fi password and update the password regularly.
  • Anonymise the Wi-Fi network name and don’t name the network using personal or identifying information
  • Enable network encryption on Wi-Fi routers, e.g., WPA and WPA2.
  • Keep routers patched and up to date.

As more of us turn to remote or home working, it is vital to close the door to cybercriminals taking advantage of insecure practices. When creating security policies, remember to focus on the unique challenges of home working and security. It is also essential to empower employees with training to protect their working environment at home or in the office.

Cyber Security Risks of Remote Working

Other Articles on Cyber Security Awareness Training You Might Find Interesting