2020 saw remote work become a necessity, regardless of the size of the business or the number of employees. To put this into perspective, Upwork claims that 41.8% of working Americans were working remotely at the end of 2020. An estimated 26.7% will still be working from home through 2021, while 36.2 million Americans (22% of the workforce) will be working remotely by 2025. This adds up to an 87% increase from the number of remote workers before the COVID-19 pandemic.
How have cybercriminals responded to the work-from-home trend? It is safe to say, they are quite happy with the new arrangement. Adding to COVID-19-related fears among the population, cybercriminals are using work from home environments as a new gateway to conduct acts of data theft.
More than ever before, work is being conducted over home ISPs, utilizing routers and printers that are not individually approved by IT managers. Home automation systems may be covertly listening in the background, while wandering eyes of roommates or strangers in public can pick up on confidential conversations. Sharing networks with those working for different organizations can also be problematic. So, with this in mind, what are cyber criminals looking for, and how can you limit opportunities for them to take advantage of your organization's data?
Why is a Work-From-Home Setting More Vulnerable to Cybersecurity Threats?
New work-from-home trends means more people are conducting business away from a centralized location. These de-centralized locations usually have fewer safeguards than a physical workplace.
What are some common and potentially dangerous situations that work-from-home employees put themselves in?
The use of public Wi-Fi
Others have access to this same network without the use of a firewall between them. Ensure your data is encrypted, or use a hotspot instead.
Scenario # 1: Working from the local coffee shop.
Keep work and personal devices separate
This one is pretty self-explanatory. If your personal computer or mobile device has not been set up by your IT team for conducting work-related business, you shouldn't be using it for those purposes. They often lack the end-to-end protection that may be installed on a work-related device.
Scenario # 2: Sending/receiving email or opening work-related attachments on your personal laptop.
Out of sight, out of mind
Employees should ensure that the only eyes on their work-issued device screens are their own.
Scenario # 3: If working from a public space, be sure to sit in a spot where it is difficult for others to look over your shoulder. Consider sitting in the back row, where the only thing behind you is a solid wall.
What Does the Workforce Think?
ISACA surveyed over 3,700 IT audit, risk, governance, and cybersecurity professionals from 123 countries in mid-April 2020. They wanted to gauge their thoughts on the current and future impacts of COVID-19 on both their organizations and their jobs. The results demonstrate that cybersecurity is a real concern--more now than ever before:
Image courtesy of ISACA's COVID-19 study
What Are Other Important and Sometimes Overlooked Cyber Security Threats Present When Working From Home?
Virtual private networks, better known by their short-form, VPN, are one of the main security features taken to the home workspace. They allow for the encrypted retrieval, transfer and storage of data.
So, as long as you are connected to your company's VPN you should be safe, working from just about anywhere or any device, right? Wrong. Many home networks may already have been infected with malware or other related viruses. This means that your company's network can be exposed to potential attacks through the VPN termini. As an IT leader, it would be a labor-intensive task to check on every employee's home network. Therefore, the best defense for a company is to stay up to date on all security patches provided by both the computer software and VPN providers.
Logistics and IT Support Issues
When things go wrong with your work tech, at home or in a physical workplace, employees often send requests to IT for assistance. When on site, IT professionals can quickly attend and isolate potential issues. Distance and logistical challenges can prevent IT professionals from providing the same service when their employees are in different locations. For example, if there is a cyberattack in progress, IT professionals may not be able to prevent the attack remotely.
Similarly, getting new or replacement equipment out to employees can take some time due to shipping. The space between shipping and receiving can create downtime, costing an organization money. Although shipping delays can most of the time be out of a company's control, preparing employees to handle basic or intermediate IT issues can be easy. IT professionals are encouraged to host regular sessions on common issues, fixes, and preventative measures. Incentivizing the sessions and recording them can help to get more employees involved.
Multiple Employee Devices
As briefly mentioned earlier, employees working from home often use more than one device. If they haven't done so already, they may opt to download their work email to their smartphone since they may be "on the go" more than usual. Although company-issued laptops are supposed to be secure, other devices introduced into the ecosystem, such as a smartphone, may expose work networks to risk that was not initially accounted for. They are also more difficult for companies to track and handle remotely.
IT leaders are encouraged to introduce policies regarding the use of personal devices for work matters. If this is already on hand, it should be shared and strictly followed by company employees. Generally speaking, employees should avoid using non-work-issued devices completely.
The Bottom Line: Working From Home Has Increased Cybersecurity Threats
In a recent survey of 1,500 working-age individuals in Switzerland (16 to 64), Deloitte reports that a quarter of employees have noticed increases in the amount of spam, fraudulent emails, and phishing attempts to work accounts since the start of the COVID-19 crisis in early 2020. Why is this happening? Cybercriminals are notorious for evolving along with current situations and technology to expose vulnerabilities. It is nearly impossible to stay ahead of cybercriminals, but the best defense is being prepared for them when they show up. Some tips with which to leave IT leaders as employees continue to work from home include:
- Update company infrastructure and software on a regular schedule
- Develop a personal device use policy for employees
- Contract trusted IT shops in local neighborhoods where your employees are located to conduct repairs
- Move as much of your data to the cloud as possible, including using cloud vendors for software, such as your IT help desk