A vast number of businesses have gone online and millions of employees have shifted to remote working during the COVID-19 pandemic—with mixed results.
While many people have enjoyed the flexibility that comes with working from home, some have found it tricky. And then there’s the risk of data breaches and other cyberattacks.
When operating from the office, the day-to-day workings of a company are protected as a matter of course. But with each individual using their own laptop or computer at home… things aren’t so cut and dried.
So… Can it be compromised?
The short answer is yes, of course. Although you could argue that a computer is at risk of compromise in an office too. However, working from home comes with bigger risks, including individuals falling for scams, employees using weak passwords, lack of firewalls to protect employees’ home Wi-Fi networks, and the use of other devices that aren’t encrypted.
It seems that COVID-19 has resulted in a massive upswing in phishing emails. In the past few months, they have increased by over 600%. Malspam and ransomware attacks have also increased exponentially—often by trying to exploit the confusion caused by the pandemic upheaval and knock-on economic effects.
What are the cybersecurity dangers of remote working?
There are several specific scenarios and activities that pose a threat to a company’s cybersecurity:
- Human (employee) error
- Lack of vigilance
- File and information sharing
- Use of personal devices
- Difficulty accessing IT support
- Failure to use VPN
- Failure to back up files and data
- Use of unsecured Wi-Fi connections
Some of these present bigger risks than others, and the scope for disaster varies. But all are largely mitigated if a company is vigilant and comprehensive in its security practices.
This unfortunate weakness is applicable whether working remotely or in an office setting. Unfortunately, it’s much more likely to crop up when working from home—probably because sitting in your “home office” results in a much more easygoing approach to work.
Human error can include things like clicking on malware, opening attachments that contain viruses, or setting a weak password that’s vulnerable to hackers.
While human error is unavoidable, training and educating staff can reduce the occurrence a great deal. Keeping staff informed about the dangers makes them more aware, and more likely to spot a scam, phishing mail, or potentially threatening attachment.
Lack of vigilance
Similar to human error, lack of vigilance can result in chinks in a company’s metaphorical armor— weak points in the cybersecurity barrier that protects data from unauthorized access.
Research has revealed that people working from home fall for phishing scams at much higher rates than those working in the office. Shockingly, 47% of employees fall for phishing scams when working remotely.
For many people, “working from home” can also mean working from a coffee shop or similar setting where Wi-Fi is available. What they fail to realize, however, is that such networks are insecure and provide hackers or other parties with an ideal opportunity to access confidential data.
Once again, raising awareness of the issue is key, and can go a long way towards improving vigilance.
File and information sharing
Working from home means that people use the internet more often to share files and data with colleagues, instead of using in-house methods or protocols.
Sharing data in this way, from home to home, poses a much greater risk. Immediately the danger of human error and lack of vigilance doubles, purely because there’s more than one individual involved. If employees are not provided with advanced encryption software, then company data is open to exploitation by third parties.
Use of personal devices
This is one of the greatest risks of working from home. Unfortunately, many companies find it too costly to provide every remote employee with a laptop or computer, which results in them using personal devices.
Not only does this mean their own laptops or computers but also smartphones, printers, scanners, and tablets. Many smartphones are not encrypted, totally negating the use of encryption on laptops or PCs and posing the same risk of data breaches. Personal devices may also lack vital antivirus software and firewalls.
A BYOD (bring your own device) policy is an excellent idea, not just for the office, but for those working remotely too. If policies and procedures are in place, there’s a better chance of protection.
Difficulty accessing IT support
Technology is great when it’s working, but all too often employees encounter IT problems, whether on-site or within the comfort of their own homes. It’s relatively simple for the IT department to fix an issue within an office environment, but they are highly unlikely to be able to provide the same service to individuals working remotely.
Internet connections and imminent data breaches can make it difficult or impossible for IT support to render aid and prevent attacks.
Allowing remote access to IT teams can alleviate this issue to some degree, but it’s not 100% infallible.
Neglecting to use a VPN
This scenario is interwoven with many others—use of personal devices and lack of vigilance, for example. Every remote worker should use a VPN, which is a fundamental tool to ensure privacy and security.
Issues with accessing IT support can also result in employees defaulting to personal devices without adequate security when something goes awry with the VPN they’re using.
Failure to back up files and data
One of the greatest worries of every business is the loss of their data, with no way of recovering it. It only takes one attack to bring a company to its knees by wiping out all its files.
To combat this, make use of the cloud and ensure that every bit of information backs up.
Use of unsecured Wi-Fi connections at home
We’ve already covered the dangers of connecting to Wi-Fi in public settings, but people also forget that their home networks are not protected.
Many people aren’t aware that updating home router software is necessary to ensure cybersecurity. And that failing to update other devices results in the same security risks as an insecure Wi-Fi connection. Even routers that have some kind of firewall in place are usually not as secure as an on-site network. This danger can be offset, however, by providing remote workers with a firewall equipped to deal with serious threats.
A New Era Requires A New Approach
It’s unlikely that work will ever return to pre-pandemic “normal”. This requires companies to change their approach to tech. Working remotely is here to stay, cybersecurity must adapt.