With summer finally here, workers across the world are getting ready to hit the road and find peace and quiet on a beach or green valley somewhere. Unfortunately, for businesses this could translate into a heat wave of cyber threats.
A recent survey shows the great majority of people working away from their office or home (88%) don't use a VPN service to protect their connections.
This is even more concerning as remote workers massively rely on unsecure public Wi-Fi networks for carrying out their work tasks. So, what's at stake for businesses this hot season?
Online privacy at work underrated
"The increasing shift to flexible working has no doubt brought many benefits, but this has come with an increased security risk as the attack surface expands, making organizations increasingly vulnerable to cyber threats," Jeremy Ventura, Director Security Strategy & Field CISO at ThreatX, told TechRadar Pro.
He explained that the summer months are especially risky as employees’ behaviors shift and cyber hygiene becomes laxer. "Factors such as increased remote work and travel, and even employees’ children using parents’ devices to browse the internet and play games, all can potentially expose corporate data through attacked APIs," he said.
Web application and API (Application Programming Interface) protection platform, ThreatX, surveyed 2,000 respondents across the UK and US between May 25 and June 2 about their digital posture when they work away from home. The results show that most of the people take cyber threats quite lightly.
For starters, only 12% of people use a secure VPN when traveling and working remotely. Short for virtual private network, a VPN is necessary security software nowadays as it both spoofs people's IP addresses and encrypts their internet connections.
Considering that, according to the 2022 Global Web Index, 42% of internet users turn on a VPN when connecting with their personal computer on public Wi-Fi, it looks that people take their own privacy way more seriously than when they are working. Even worse as 25% of ThreatX survey's respondents admitted not to ensure network connections are secure before accessing company devices.
More than half of people (55%) also claimed to solely use their mobile devices when working from holiday in the summer. This trend is more likely among Millennial employees (67%), posing a greater risk to the security of organizations when the workforce is largely made up the younger generations.
Almost two out of every five workers even confessed to avoiding telling their boss when working from a different location when traveling. About half of respondents admit to using either public Wi-Fi or mobile data under these circumstances, with a mere 36% in the UK and 34% in the US somewhat concerned about the security risks of doing so.
The results reinforce "the need for prioritizing API and application security," said ThreatX. Cyber criminals are, in fact, known for exploiting vulnerabilities of these enter points.
Examples like the MOVEit ransomware attack launched during the US Memorial Day are a clear indication of how bad actors take advantage of organizations caught off-guard during the holiday season.
How to boost the your company's security
As we have seen, cyber risks don't take any break in summer. Quite the opposite actually, smart hackers know very well that employees are way more likely to critically expose their devices and company data when away from their usual work environment.
"To avoid this, it’s important organizations strengthen visibility and security by tracking, monitoring, and uncovering vulnerable API and applications," said Ventura.
Cyber-attackers are aware of businesses being short-staffed and may seize the opportunity to exploit these vulnerabilities.
Jeremy Ventura, ThreatX
The security firm suggests businesses implement security protocols and use software that can monitor suspicious activity. This includes general reminders for employees to use a trustworthy business VPN at all times, not to share business data and documents to personal devices and keep children away from corporate-issued devices.
They also recommend raising awareness about such risks amongst employees, especially during holiday seasons. Almost half of respondents (45%) said no specific measures to educate and remind employees on security best practices are taken during the summer, with access of online cybersecurity training and guides still worryingly limited (24% in the UK and only 17% in the US).
As a rule of thumb, organizations' security needs to be on high alert at all times where collaboration between IT teams and employees is crucial. A zero trust approach is a good option for businesses to be able to act quickly when an attack occurs.
"With the summer holidays soon approaching, cyber-attackers are aware of businesses being short-staffed and may seize the opportunity to exploit vulnerabilities. Companies should be more mindful and vigilant around this period, particularly in preparation of the popular August bank holiday weekend."
