Remote work ransomware protection guide for businesses

Remote work ransomware prevention guide

COVID-19 prompted an unprecedented surge in remote working – and it’s likely to have a lasting impact on future working patterns.

While rapidly implemented remote working arrangements may have initially been viewed as a short-term fix for maintaining business continuity, many predict that remote working will remain a permanent fixture in the post-pandemic world.

From a security perspective, working from home introduces a plethora of serious risks. Corporate data is being accessed from vulnerable personal devices, IT teams are unable to rigidly enforce normal security protocols and enterprise-specific security solutions are floundering in the foreign home user environment.

In this guide, we’re going to explore the security risks involved with working from home and discuss what businesses need to do to protect both remote workers and corporate networks from ransomware.

Security challenges of remote working

Remote work amplifies existing security flaws and introduces new threats, making companies uniquely vulnerable to cyberattacks. Below are some of the biggest security challenges associated with remote work:

Insecure home devices being used to access corporate resources

COVID-19 forced a rapid (and in many cases, imperfect) transition to remote working. Compromises had to be made in the interest of business continuity and there simply wasn’t time for companies to ensure their employees’ home networks were completely secure and free of existing infections. In some parts of the world, a shortage of IT equipment meant that organizations could not provide staff with company-issued hardware.

With many remote workers using insecure personal devices to access corporate networks and sensitive data, attack surfaces have expanded dramatically. Every device connected to the home network – including other computers, smartphones, laptops, printers, smart home devices, etc. – is a potential new access point for attackers, while pre-existing infections on home devices may expose business networks to malware. In March 2020, 45 percent of U.S. companies observed at least one malware infection on their remote office networks, while just 13.3% observed an infection on their in-office corporate networks, according to figures from BitSight.

Weakened security controls

In a normal enterprise environment, IT teams can impose strict security policies on company-owned devices via EDR systems, restrictive group policies, whitelist solutions and so on. With remote working, maintaining the same level of control is difficult – if not impossible – because so many remote workers use their personal devices for work purposes.

Ethically, it’s tough for businesses to dictate what software employees can and can’t use on their home devices. From a technical perspective, the sheer diversity of the remote working environment makes it extremely challenging for companies to reliably secure the myriad of devices, operating systems and applications on every employee’s home network.

Diversity of the home-user software ecosystem

The corporate network is a carefully controlled environment where only approved software is installed by authorized users. Modern EDR and nextgen security products – which are often heavily reliant on machine learning – excel in this sanitized environment because applications can be easily grouped and recognized. An application should be either business software or operating system software – and if it’s neither, it’s likely malicious.

The home network is comparatively chaotic, a melting pot of working, gaming and entertainment applications downloaded from unvetted sources across the web. For enterprise security products, whose machine learning models have been trained with very black-and-white data sets, this is foreign ground. Relearning what constitutes a threat in this diverse environment takes time, and it’s not uncommon for products tailored to the enterprise market to trigger a flood of false positives and incompatibilities when exposed to the home-user software ecosystem.

Most common ransomware attack vectors for remote workers

Threat actors use a variety of methods to compromise remote workers and infect the companies they work for with ransomware. Below are the three most common attack vectors:

How to secure remote endpoints and protect company networks

A change in the way we work requires a change in the way businesses approach security. The following best practices can help organizations secure new remote access points and protect company data.

COVID-19 may have permanently changed the way the world works. The global transition to remote working has been critical for maintaining business continuity while respecting social distancing guidelines, but with this paradigm shift comes unique opportunities for cybercriminals looking to capitalize on the chaos.

Businesses of all sizes must be mindful of the security challenges involved with remote working and take steps to secure their remote endpoints, networks and corporate assets. Implementing the security practices described in this article can significantly reduce the risk of compromise and help companies avoid becoming the next ransomware victim.


Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial




Writer. A picture is worth a thousand words but unfortunately I can't draw. The world of IT security has always fascinated me and I love playing a small role in helping the good guys combat malware.

What to read next