A Simple Solution to Remote Work Security Risks

As a legacy of the pandemic, hybrid working has become a valued part of corporate life.

The blend of working from home and a centralised workplace offers convenience and flexibility, and in countries such as the Netherlands, could even become a legal right.

In the UK, recent ONS figures report that the number of employees hybrid-working has risen to 24%, up 11% from February 2022. At the same time, the percentage working exclusively from home fell to 14%.

The benefits that accompany remote work simply weren’t available when employees were required to physically go into an office. Still, any form of remote working – hybrid or otherwise – poses cybersecurity risks for organisations. They may include the accessing of sensitive data through unsecured WiFi networks, bring-your-own-device (BYOD) policies – where unsecured personal devices are used for work-related activity – and sharing sensitive data with co-workers through unencrypted channels.

Another major but easily preventable risk is a reliance on weak passwords: when not given the proper tools, many individuals default to easy-to-remember and reused passwords. Worryingly, research puts the number of people re-using passwords at 84%. But there is a simple, easy-to-implement and inexpensive solution: password managers.

How password managers secure hybrid and remote workplaces

One of the most efficient and effective strategies for protecting data, devices, and accounts, and for preventing data exfiltration, is to use strong and unique passwords. But they need to be strong and unique for each app or service an employee accesses, and that makes them hard to remember. That is a problem considering 55% of people rely on their memories to manage passwords, even though over two-thirds (68%) believe it is more important for a password to be secure than easy to remember.

Password managers help solve this conundrum. They allow employees to generate strong and unique passwords and/or usernames for every site they have access to or register an account with. This ensures there is no password reuse and allows organisations using enterprise-grade password managers to create password strength rules and other policies to ensure a certain level of security across their employees’ accounts, even for systems they don’t control.

Recent research also lends credence to the notion that password manager implementation would be welcome among employees. Even though only 1 in 4 are required to use a password manager at work, the majority (64%) believe workplaces should provide employees with a password manager to protect credentials. This finding indicates a desire for leadership and creativity, a development IT security teams should find heartening.

Shared accounts that require another level of control – such as user accounts for a server, an organisation’s SSH keys or encryption key password for an SFTP server – present another set of challenges for sharing access information. Some password managers provide a means of creating and securely storing organisation passwords in collections that enable an administrator to share and update those credentials from time to time without having to blast the organisation’s users with updated info through less secure channels. In this way, organisations can exercise centralised control over who has access to the information.

To further shore up security, organisations should also look to enterprise password managers that offer some form of two-factor authentication (2FA). Two-factor authentication, which requires users to verify their identity through two separate methods in order to access an account, helps increase user security for websites and applications to an even greater degree. It limits the opportunity for data exfiltration that may stem from the use of unsecured WiFi networks, unsecured personal devices, and unencrypted channels.

Organisations will never have complete and total control over how their employees use technology – especially in a hybrid or remote environment. Insecure practices such as those discussed in this article will unfortunately continue. However, overall risks can be mitigated by consistent, enterprise-wide use of a password manager.

About the Author

Gary Orenstein is CCO at Bitwarden: Open source password management solutions for individuals, teams, and business organizations.
