The Covid-19 pandemic changed our world in many different ways in 2020, including how we work. Love it or hate it, work from home is showing no signs of waning, in fact many large corporations have introduced new hybrid working models allowing employees to combine onsite and offsite work as they and their employers see fit. Microsoft, Google, Facebook and Twitter are among those allowing their workers to continue working from home post pandemic, yet despite the obvious benefits of remote working, it doesn’t come without its risks.
A recent report from HP Inc. shows that changing work styles and behaviours are creating new vulnerabilities for companies, individuals and their data. According to the findings of The HP Wolf Security Blurred Lines & Blindspots Report, 70% of office workers use their work devices for personal tasks, while 69% are using personal laptops or printers for work activities. Almost one-third (30%) of remote workers surveyed have let someone else use their work device. As a result of these and other behaviors, home workers are increasingly being targeted by hackers.
The study provides a multi-dimensional view by combining findings from: a global YouGov online survey of 8,443 office workers; a global survey of 1,100 IT Decision Makers (ITDMs), conducted by Toluna; real-world threat data shared by customers from HP Sure Click micro-virtual machines; and analysis from KuppingerCole, an international, independent analyst firm. KuppingerCole notes there has been a 238% increase in global cyberattack volume during the pandemic.
Joanna Burkey, Chief Information Security Officer (CISO), HP Inc. says: “As the lines between work and home have blurred, security risks have soared and everyday actions such as opening an attachment can have serious consequences. Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with clouded vision.”
Cyber Magazine has put together three of the greatest cyber security risks of working from home.
The EU GDPR Academy says GDPR requires people to be aware of the types of data they handle and process but employees working from home may use their personal devices, such as laptops or smartphones, which may not have all of the appropriate technical measures required by the company for workstations physically present in the office. This lack of security could turn into serious vulnerabilities to external threats such as clicking on unfamiliar web links, opening attachments, or visiting unsafe websites. Moreover, employees could be tempted, outside of the office, to use their personal accounts for work (private email, file sharing systems, or storage) because it seems to be more convenient, thereby mixing the organisation’s data with their own personal data. The Academy says companies should provide their employees with a remote working policy in which rules and tips for remote working are clearly listed. It says remote employees should be instructed on how to keep personal information and company data safe, especially when working from home. Moreover, they should be regularly trained about the best practices and guidelines to adopt for data protection.
According to cybersecurity company Kaspersky, phishing has become more prevalent since more people are working from home. A recent Ivanti phishing survey found the global shift to remote work has exacerbated the onslaught, sophistication and impact of phishing attacks. Ivanti surveyed over 1,000 enterprise IT professionals across the US, UK, France, Germany, Australia and Japan. Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85 per cent said those attempts are getting more sophisticated. In fact, 73 per cent of respondents said that their IT staff had been targeted by phishing attempts, and 47 per cent of those attempts were successful. Kaspersky says securing the home Wi-Fi, making sure passwords are strong and secure and alerting employees to the dangers of phishing can all help to reduce the risk.
Open Wi-Fi networks
The only measure most people use to protect their home wireless network nowadays is to set up a password and prevent neighbours and other people from taking control of their data. But open home Wi-Fi networks can present a real security risk to those working from home. NETGEAR has recently launched VPN support for remote workers. Douglas Cheung, Senior Product Line Manager at NETGEAR says “In the big shift to work-from-home, we’ve seen many challenges for the remote workforce, including security concerns and declining employee productivity levels due to unreliable access to company applications and networked systems, and storage.” Dubbed Insight Business VPN, the new service lets small and medium-sized businesses extend corporate networks to branch offices and employees' homes via an always-on virtual private network.
According to professional services network, Deloitte, working from home is becoming a gateway to new forms of data theft. Poor technological infrastructure and inadequate cyber and data security are hampering the productivity of employees working from home and represents a cyber risk to businesses.
Deloitte’s Combating COVID-19 with Resilience report surveyed 1,500 working-age people (16 to 64 years) resident in Switzerland looking at the impact of COVID-19. representative sample of ages, genders and regions. Speaking on the results Deloitte’s, Klaus Julisch, Managing Partner, Risk Advisory says: “The external enemy, cyber criminals, is only one of the threats about which security conscious companies should be worried. As this survey shows, companies also face threats from within their own ranks, internal employees.”
Deloitte’s tips for companies that operate work from home rules
- Make staff aware of issues, train them in managing sensitive data and remind them of the company’s code of conduct and related rules. Working from home introduces new cyber risks and employees need to be adequately trained in their responsibilities.
- Regularly check that the security measures taken to protect new and tactical IT solutions (including cloud-based solutions) deployed are effective. Many solutions were rolled out under enormous time pressure at the beginning of the crisis and IT staff now needs to ensure effectiveness of security controls.
- Step up security monitoring of both devices and users to enable companies to proactively identify and correct mistakes made by users in managing sensitive data.
- Assess capability and capacity to recover from catastrophic cyber attacks effectively, such as a widespread ransomware attack. This includes the capability to get the entire IT infrastructure back up and running as soon as possible after such an event.
- Validate the security effectiveness of your most important service providers, suppliers and sales partners. Weaknesses in the supply chain can cause major cyber and data breaches.