How to prevent remote work from creating a security gap in the company

Working remotely entails certain risks that can compromise the digital identity of companies and workers, as well as the security of information. 

T

he concepts of remote and hybrid work are now familiar to most people. Just a few years ago, most of the population had never experienced working from home or remotely. Companies in general did not consider it to be an advantage and did not offer it. Following the crisis of 2020, the percentage of remote workers increased worldwide. Today, after a stabilizing and adjustment period, 55% of companies¹ worldwide still offer remote working options, and 18% of employees work remotely on a permanent basis.   

The available technology and the open-mindedness of entrepreneurs have transformed the job market, in many cases, in a very positive way. However, the most significant drawback is the risk to the security of the organization itself. This can be caused by weak protocols or irresponsible behavior. 

One of these risks would be unauthorized access to information and systems. With employees spread across multiple locations and reliance on external networks and connections, the window of opportunity for potential intruders increases. 

Lack of adequate controls and the use of insecure communication channels lead to breaches that can compromise the confidentiality of communications and business negotiations with partners and clients. 

Additionally, a company’s online reputation is also at stake. Inappropriate actions and behaviors by employees, whether intentional or not, can quickly spread through social networks and damage the organization’s image and credibility. Such mistakes leave a lasting impact that is difficult to erase. 

These “gaps” in remote work management can affect corporate values, business opportunities, and critically, the solidity of digital identities. 

Layers of security for the best onboarding 

From the very selection process, it is crucial to identify and assess candidates rigorously. Therefore, a comprehensive and reliable onboarding procedure must be implemented, based on technological solutions with several layers of authentication to ensure the consistency of their identity, avoiding potential issues in future incorporation. 

• Video identification: In the initial contact, candidates can be asked to participate in a video call or online interview. A video identification solution with deepfake and synthetic identity detection can verify the candidate’s identity by comparing their appearance with the information provided in their resume and personal documents. Video identification technologies strengthen the relationship between the company and the applicant from the outset, providing transparency and supporting strict KYC compliance. 
• Facematch: Applied during the video call to compare the live image with a previously registered one. It helps ensure that the person participating in the selection process is the same as the one in the documents and that no false identity is being used. Utilizing Artificial Intelligence, the facial matching technology extracts distinctive features from the applicant’s face and determines the matches with the captured selfie. The AI algorithms used in facematch can adapt and improve over time as they receive more information and training data. This allows for greater accuracy and facial recognition capabilities as more images are processed. 
• Document verification (official identity documents, driving licenses, etc.) and comparison with official lists, which is crucial for compliance with Anti-Money Laundering (AML) regulations. Solutions based on optical character recognition supported by Artificial Intelligence are very accurate in detecting forgeries and inconsistencies before establishing a trust score. 

It is advisable to include an assessment of the ability to work safely and responsibly in a remote environment. This may involve a thorough review of their security history, checking references, and verifying their skills to use online collaboration tools securely. 

A call for responsibility: digital identity and password management

According to a survey conducted by the cybersecurity company OpenVPN, 54% of IT professionals consider remote work to pose a higher risk to the security of companies when compared to in-office work. 

Vulnerabilities they may face often arise from employees’ habits. A study conducted on a sample of 3,000 remote workers revealed that 43% of them used their own devices instead of ones provided by the company. This trend is known as BYOD (Bring your own device), which poses challenges in terms of security, data management, and protection of corporate information. Moreover, 92%, according to the same study, perform some tasks on a personal device. The danger of incorporating these devices into work routines is that, in some cases, they are shared with acquaintances or family members who do not maintain specific security measures. 

Furthermore, if employees do not keep their personal devices updated with the latest security patches and software updates, they may be exposed to breaches that cybercriminals will exploit. 

Judging by the data that surveys continue to reveal, the matter of password hygiene, another hot topic in business security, seems to be deeply entrenched. Nearly 50% of workers use the same password for personal and professional services. 

These habits cast doubt on the coherence of the digital identity of companies, as well as that of each individual employee. 

What companies can do about phising and other attacks

The first advice experts give to avoid the most common risks of remote work is to establish a specific unit to manage it. From this team, continuous training and awareness about cybersecurity are essential to help employees understand the associated dangers and how to mitigate them. This includes teaching best practices, recognizing phishing attacks, and protecting confidential information. 

Regular audits should be conducted to assess system security, identify potential vulnerabilities, and allow the organization to take preventive and corrective measures. 

Preventive policies may require data encryption, the adoption of password managers and multifactor authentication, the prohibition of BYOD, or the consideration of remote wiping of information in the event of a data breach. Using cloud services with secure authentication and appropriate permission hierarchy is another preventive measure. 

Zero Trust 

All these measures must be supported by a strong culture of privacy throughout the organization. There is an increasingly popular model called Zero Trust, on which many companies base their corporate digital identity protection culture. 

Since the term was coined in 2010 by analyst John Kindervag, the Zero Trust approach has gained many followers. This strategy can be summarized as “each machine, user, and server are not trusted until proven otherwise.” Instead of automatically trusting users, devices, or services, Zero Trust adopts a more restrictive strategy and continuously verifies the identity and security of each request before granting access. 

These are the key concepts that define Zero Trust: 

• Strict authentication: Each user and device must be securely authenticated daily before accessing network resources or services, using methods such as multi-factor identification (MFA), biometrics, etc. 
• Granular access control or attribute-based: Based on policies to determine which users or devices have permission to access specific resources. Access policies are based on factors such as user identity, device type, location, and the context of the request. 
• Network segmentation: The network is divided into smaller segments, and policy-based segmentation is applied to limit lateral movement of users and devices within the network. This helps contain any malicious activity and minimize the impact of a potential security breach. 
• Continuous monitoring: Constant monitoring of user and device activities to detect abnormal behaviors or suspicious activities. Threat detection and analysis tools are used to identify potential threats and proactively take corrective actions. 

Workers often highlight flexibility and autonomy in organizing their tasks or a better work-life balance as advantages of remote work. The elimination of geographical barriers allows people to connect and collaborate with teams and colleagues from different parts of the world, fostering diversity and the exchange of ideas. Commuting is reduced, which also reduces associated expenses and stress. In general, the possibility of remote work provides people with more freedom and comfort, which is also reflected in departmental relationships. Several studies also emphasize that productivity increases. According to an Accenture report, 83% of workers believe that a hybrid model would be most suitable for their future. However, with all these benefits that not only improve the lives of employees, but also protect the digital identity of the organization, it is important to remember that even in a changing environment, caution is equally or even more important. 

¹ Evolution of Remote Work 2020 – 2022. Audara. February 11, 2022.