• Sign In
  • Get Started
HomeGRC CentralRiskRemote vs. In-Office Cybersecurity Threats

Remote vs. In-Office: How Cybersecurity Threats Compare

Remote vs. In-office how cybersecurity threats compare

What's Inside

With the rise of remote work, businesses need to protect themselves from cybersecurity attacks. We compared threats in the office to remote settings.

Contents
In the OfficeRemote Workplaces

Cybersecurity threats are the norm in today's business environment.

According to the Identity Theft Resource Center, 2023 was a record year for cyberattacks in the U.S., with over 3,200 data breaches reported, up from 1,800 in 2022. Drata broke down how threats compare in office and remote settings, as well as how businesses can stay protected.

Attacks have greatly increased for many reasons, including human error, more sophisticated criminals, and access through vendor systems, Harvard Business Review reports. Total lack of cybersecurity is another issue. A STX Next global survey of more than 260 chief technology officers in 2023 found that 35% did not have cybersecurity measures in place at their company.

Just Getting Started on Risk Management?

Download this guide for a full breakdown of IT and cybersecurity risk management and how to make it work for your organization.

Get the Guide

Cybercriminals' new favorite place to attack is the cloud. Although cloud technology has improved efficiencies, data storage, collaboration, and remote work, IBM reported it was involved in 82% of data breaches in 2023. Human configuration errors, companies allowing easy access, and unsecured backups make corporate clouds vulnerable and attractive to hackers.

Ransomware attacks have also gotten more dangerous, as criminals have started making copies of data on computers they've hacked before they lock them down. While waiting for ransom money, they also threaten to expose the stolen data.

Criminals have also found it easy to get into a company's network by going through another door via third-party vendors with access to their clients' systems. These vendors often have vulnerabilities in their own systems that hackers target and use to gain access to the vendor's clients.

A cyberattack can wreak havoc on a business, and compromised data is just the tip of the iceberg. Attacked companies experience public embarrassment, decreased stock prices, lost revenues, employee downtime, and costs of fixing the breaches. In 2022, data breaches cost U.S. companies an average of $9.44 million, per IBM.

The proliferation of remote work has concerned some companies, as it could mean additional vulnerability points, but research shows that that's not necessarily the case.

In the Office

In-house IT teams often implement security policies to keep corporate data safe. Secure networks with firewalls, strong passwords, multi-factor authentication, malware detection, updated software, and backups are some elements teams use to maintain security. Some companies do not allow employees to take home their computers to prevent them from being lost or stolen.

Smaller businesses don't always have dedicated resources and staff working in IT, but the Federal Communications Commission recommends companies develop and implement cybersecurity policies. Outsourcing and automating some tasks, such as software patches and backups, can secure small businesses with tighter budgets.

64% of companies report integrated risk management and complete visibility into third-party risk as top-ranked priorities.

Download the report and gain critical insights into risk management strategies of today's enterprises.

Get the Report

Remote Workplaces

The work-from-home trend has become permanent for many workers. According to BLS, as of November 2023, 16.4% of people in management and professional roles exclusively telework, as do 12% of people in sales and office jobs.

Remote work can conjure up images of employees sitting in coffee shops or libraries with free Wi-Fi. However, publicly available Wi-Fi can make devices vulnerable, especially if employees inadvertently join a malicious network. Tools like multifactor authentication, single sign-on, and virtual private networks can help mitigate the risks around remote connectivity.

A study published in the July 2023 issue of Computers & Security found that remote workers are more vigilant about cybersecurity because they don't assume they have the same protections they would in an office setting. Because remote workers don't have the same security, they aren't lulled into thinking they're safe and develop more knowledge and awareness about the threats they can face.

Training is key for companies to keep their data safe. It's essential for offices of any size—for both in-office and remote workers—because employees are often the first targets and first line of defense for cyberattacks. Building awareness of how criminals phish for data and target corporate networks can cut down on the success rate of attacks.

Centralize and Streamline Your Risk Management Process

Drata automatically matches risks with pre-mapped controls to unlock the power of automated tests and put risk management on autopilot, saving you time, money, and helping your business focus on more strategic objectives

Schedule a Demo

Keep Reading

See More
Trends in data breaches across 10 commonly targeted industries

ARTICLE

Trends in Data Breaches Across 10 Commonly Targeted Industries

Managing Compliance and Risk in One Location with Drata

ARTICLE

Managing Compliance and Risk in One Location With Drata

Remote vs. In-office how cybersecurity threats compare

ARTICLE

Remote vs. In-Office: How Cybersecurity Threats Compare

Risk Management Should Drive Organizational Accountability

ARTICLE

Risk Management Should Drive Organizational Accountability

Take Your Learning Further

Discover research, guides, templates, and other resources on risk management.

Explore Risk Hub