The spread of the pandemic has forced companies to quickly switch to remote working, with varying levels of success. But these arrangements are likely to persist, as the UK Prime Minister has asked his constituents to continue working from home. The government will also be imposing a job support scheme in place of the furlough scheme, making shifting to remote work more appealing.
While companies have had to restructure and re-allocate their resources to bring all their work online, this has often resulted in increased productivity from their employees. Unfortunately, shifting to remote working arrangements also exposes remote workers to a variety of cyber security threats, such as:
Office devices and networks have firewalls and other security tools to block possible breaches. However, with remote working, employees are probably using their personal computers and home internet connections to work. With remote working employees aren’t monitored as stringently. Help Net Security shows that employees tend to be careless when working at home, sending work-related emails to the wrong people, or sending company-related data to their own personal email accounts. The most common excuses for these mistakes relate to ‘not working on their usual (company-owned) devices’, and the feeling of ‘not being watched by the IT team’.
The CEO of Tessian, Tim Sadler, says that “Human error is the biggest threat to companies’ data security, and IT teams lack true visibility of the threat. Business leaders need to address security cultures and adopt advanced solutions to prevent employees from making the costly mistakes that result in data breaches and non-compliance.” However, these solutions should not hinder the workers from doing their jobs.
Accessing data through public networks
Every remote worker needs to be able to access company data to be able to do their job. In fact, one of Verizon Connect’s tips for staying productive in the new normal involves improving access to information, because how quickly your staff can access the data needed to do their jobs determines how agile and efficient your organisation will be. Whether it’s client information or proprietary software, employees often need to access company servers – and with them working from home, they do so on less secure networks.
When you send information through a public network, you might be actually sending it to a hacker instead of to the connection point. If the hacker receives sensitive information, such as emails, credit card information, and phone numbers, they will have access to your other information. They will then use this to install malicious software on company devices or even steal your co-workers’ information as well. If there is a need to send important information, it would be better to do it on a private or personal network.
There has been an increase in phishing attacks since the pandemic began. Hackers are growing with the times, emotionally manipulating people into believing scams purporting to be fundraisers for vaccine research and the like. Fake links on COVD-19 news, fake emails from the World Health Organization, and fake advertisements to face masks and other medical supplies have become more common. The shift to remote working has also led to an increase in the number of emails with links to fake business meetings.
Security Boulevard’s article on phishing in remote working highlights the need for cyber awareness. 90% of employees lack this so they have difficulty assessing whether an email is a phishing attempt or not. Hackers rely on people not knowing the latest phishing trends, so it’s important that workers are educated on these. The company should also inform the employees of any changes they are making to any system that might require their personal and office information. Employees should also be made aware of the necessary protocols that need to be followed when asking for this kind of information.
Working from home has become a major stress point for IT and security workers, especially since this was initially a very abrupt change. Tech Republic’s tips on combatting cyber threats involve educating employees on cyber security and putting a good system and defences in place despite employees working from home. VPNs such as ZSVPN ensure online privacy by encrypting connections. However, you can never be too sure of your company’s security, so continue to audit constantly to check for any suspicious activity.