How does Working from Home Impact Cybersecurity?

How does Working from Home Impact Cybersecurity?

The Coronavirus has been a catalyst for remote work in 2020, and there has been a massive shift to work from home since the pandemic began. According to Gartner, “88% of organizations have encouraged or required their employees to work from home since the outbreak,” and “74% of companies plan to permanently shift to more remote work post-COVID.” The move to potentially permanent remote work settings presents a unique set of security and privacy risks for organizations as employees are no longer protected by the safeguards of controlled onsite IT environments.

What is Cybersecurity?

As defined by Digital Guardian, Cybersecurity refers to the body of technologies, processesand practices designed to protect networks, devices, programsand data from attack, damageor unauthorized access. The need for cybersecurity is significant as organizations across all industries collect and store unprecedented amounts of sensitive data that needs to remain secure. As the sophistication of cyberattacks continues to grow, businesses need to take proper precautions to protect their information. With the increase in a remote workforce, cybersecurity is in even higher demand as employees are now accessing secure information from home, such as intellectual property, financial data, health records and more.

Why is Cybersecurity at Risk?

As COVID-19 hit rather abruptly and businesses had to react quickly to government calls for nonessential employees to work from home, many IT departments were unprepared for the sudden shift. Because of the quick transition, employees started using their personal devices while working from home. Most personal devices aren’t protected beyond a simple firewall or antivirus program. Remote work on a personal device eliminates the security settings provided by the company’s IT department. Business New Daily states, “without keeping up with software patches and using the company’s VPN (Virtual Private Networks) for further security, data can be intercepted over the internet.”

Working at home on personal devices, such as a family computer, can pose additional risks as these devices can be running on extremely outdated software equipment and are affected by the habits of all members in the household. Situations like this have led to some unfortunate statistics. A recentstudy out of Italy showed that phishing attacks jumped by 40% as the Coronavirus crisis boiled over.

Additional Risks to Security at Home

Use of personal devices for work isn’t the only threat to security. Here are a few more to consider:

  1. Hackers can Manipulate VPNs

VPNs become a lifeline for many businesses working remote as they extend encrypted networks to our homes. With many home networks already infected with malware or compromised hardware, however, it opens the door for hackers to work through the VPN.

  1. Lack of a Mobile Policy can Lead to Hackers

Employees turn to phones more than any device, and without policies defining what work can and can’t be performed on a mobile device, the possibility of mobile threats by cyber criminals increases.

  1. Information can be Weaponized

As we are all at home experiencing the shared crisis of COVID-19, hackers now have a single lure into attacking the vulnerable. A malicious mobile app, for example, had been created to pose as one developed by the World Health Organization. Many have downloaded it onto their personal and professional devices, allowing access to sensitive data.

Tips for Keeping your Connections Secure

While working from home does impact cybersecurity, there are ways to help ensure a secure line of communication and protect sensitive information.

For Employees:

  1. Keep your VPN turned on to help protect against cyber criminals
  2. Update your network security often (i.e. operating system, antivirus programs, etc.)
  3. Avoid phishing emails and downloading or opening links when you aren’t sure of the source
  4. Enable multifactor authentication

For Business Leaders:

  1. Setup remote access with a secure VPN
  2. Provide company devices for employees
  3. Schedule mandatory security trainings
  4. Reinforce the importance of confidentiality