2 in 3 Orgs Suffer Breaches Due to WFH – Expert Provides Document Security Tips

By Kyle Mitchell, Commercial Sales Director at Whitaker Brothers

According to a recent report by cybersecurity firm Fortinet, two-thirds of businesses have experienced a security breach due to home working. Though most organizations have now been working remotely or operating on a hybrid model for several years, there are no doubt still new and unexpected challenges emerging as a result of this.

In a remote or hybrid workplace, the challenges across physical and online environments can be difficult to maintain awareness of, particularly as the number of employees working from home increases.

Data from the FBI shows that the cost of data breach crimes in 2022 was over $450m, a rise of 148% since 2020. This suggests that not only are remote workplaces presenting new vulnerabilities, but malicious actors are exploiting them with more success.

With a remote or hybrid workplace, it’s more vital than ever to ensure security awareness is emphasized at every level of the organization. This goes for both virtual and physical data, which can sometimes be forgotten in security considerations.

Common remote workplace issues

Fortinet’s survey also revealed that most organizations haven’t mitigated risks associated with remote working, such as the much wider network of devices and access points. Home wifi is more vulnerable to unauthorized access and any use of personal devices for work can vastly increase the risk of data breaches.

While most businesses will be providing devices to be used at home for security, with hybrid working growing at such a rate, some smaller businesses may not have been able to afford the complete switch to home working and will still be struggling to oversee asset management and security with their home working employees.

In addition to the risks of digital security, any employee handling sensitive physical documents while working from home faces further challenges. For these workers, an awareness of what data needs to be disposed of, as well as when and how, will need to be consistently tested and refreshed to keep the remote work environment as secure as possible.

Procedures and equipment needed for a hybrid workplace

Workers handling sensitive documents will need to be regularly tested on their understanding of what constitutes sensitive data and when to destroy it if they are to be trusted with the management of these documents at home.

Initial testing of an employee’s home wifi is important but challenging, particularly for employees of different tech skill levels. However, putting together documentation and guidance on how to provide IP addresses, review firewalls and undertake other tests at home is an important step to ensuring compliance across your business.

For remote workers who are handling a lot of documents that need to be disposed of regularly, you may need to purchase compliant shredders for their home office. The level of security the documents need will inform your choices when considering buying additional devices for your employees’ home offices but may be required for fully remote workers.

However, if security can’t be guaranteed at home, you may need to make changes to the hybrid working pattern and require documents to be kept at the office. This could mean that those workers who handle secure data must work in the office more often than other workers or that a remote work environment is entirely impossible and office attendance is mandatory. At the end of the day, data breaches cost businesses millions of dollars and your employees should understand why the choice has been made to not offer hybrid working.

How to prevent lax behavior in the office environment

Added security awareness around the home office may lead some employees to take a more relaxed approach to security when in the office. However, the business premises is still vulnerable to malicious action and this lax attitude could result in more harm than at home as access to the business network could put much larger amounts of data at risk.

For this reason, cybersecurity training needs to cover the home and the office, teaching employees of all digital skill levels what issues to look out for and what their role in business security is. This could include continuous personal development training and quizzes but could also include more practical training like phishing tests. 

The value of entrenching security training with all employees

Overall, the most important process for ensuring security while working in the office or at home is making every employee aware of their role in keeping data secure while working. Though there are many tools and procedures security teams can put in place, breaches happen most often due to the management of both physical and digital data.

Though remote and hybrid working models are still somewhat new for many organizations, the drastic rise in losses reported by the FBI since 2020 shows that this is a highly important issue that businesses need to respond to if the remote workplace is to continue as a highly popular working environment.

This article was written by Kyle Mitchell, commercial sales director at Whitaker Brothers.




Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.