Home working increases cyber-security fears
Chris Lunn • February 9, 2021
Peter says that the cyber-attacks on his company are relentless.
"We see tens of different hacking attacks every single week. It is never ending."
A senior computer network manager for a global financial services company, Peter (who did not want to give his surname, or the name of his employer, due to his firm's anxieties surrounding cyber-security), says they are bombarded from all directions.
"We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords.
"We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.
"And having staff working from home during the lockdowns has just made it worse, as it is much harder to keep an eye on everyone."
With one in three UK workers currently based exclusively at home, and the same level in the US, this remote working on a vast scale continues to be a major headache for the IT security bosses of companies large and small around the world.
And studies shows that many firms are not taking the issue as seriously as they should. For example, one in five UK home workers has received no training on cyber-security, according to a recent survey by legal firm Hayes Connor Solicitors.
The report also found that two out of three employees who printed potentially sensitive work documents at home admitted to putting the papers in their bins without shredding them first.
Meanwhile, a separate UK study last year found that 57% of IT decision makers believe that remote workers will expose their firm to the risk of a data breach.
"In the rush and panic to set remote working practices up, even simple data protection practices were ignored," says Christine Sabino, a senior associate at Hayes Connor.
"Companies did not provide additional security relating to computers, electronic communication, phone communication."
So what can both companies and home working staff do to make things as safe and secure as possible?
Ted Harrington, a San Diego-based cyber-security specialist, and author of Hackable: How To Do Application Security Right, says firms should have started by giving all home workers a dedicated work laptop. While many larger companies may well have done this, not all smaller firms necessarily have the resources to do so, but Mr Harrington stresses its importance.
"Supply staff with laptops and other equipment that are owned, controlled and configured by the company," he says. "This alleviates the burden on your people to set things up right, and ensures they follow the security controls the company wants."
Definitely don't have staff using their personal computers for work, says Sam Grubb, an Arkansas-based cyber-security consultant, and author of forthcoming book How Cybersecurity Really Works.
"The main problem with using your own computer to do work is that you are not limited in what you can do on it, nor are you necessarily the only one that uses it," he says.
"So while you might not be visiting a shady website to download movies for free, your teenage son could be doing that exact thing on your home laptop without you even knowing.
"This makes it much easier for malware or other attacks to happen. This might affect the work you are doing, or in a worst-case scenario, lead to the compromise of co-workers' devices, or other company devices such as servers."
Mr Harrington says that the next step is that companies must set up a VPN or virtual private network, so that remote computers have secure and encrypted connections with the firm's servers and everyone else in the company.
Mr Grubb uses a transport and wildlife analogy to explain how VPNs work. "A VPN is like a tunnel between two cities," he says.
"Instead of driving through the dark forest full of tigers, lions and bears, you drive through the underground tunnel, where no one can see you driving until you reach your destination on the other side.
However, even with work laptops, VPNs and the latest cyber-security software systems in place, staff can still make damaging mistakes, such as falling prey to a "phishing" email - a malicious email pretending to be a legitimate one in order to trick someone into handing over sensitive data.
Currently such scam emails doing the rounds include some that are pretending to be informing the targeted person that they have been exposed to Covid-19, or invited to have the vaccine. They ask the recipient to clink on the link, which then tries to download malware onto his or her computer.
For this reason, both Mr Harrington and Mr Grubb say that it is essential that businesses give staff proper cyber-security training.
"Firms should be providing training to help their employees understand the threats they face," says Mr Grubb.
Ms Sabino adds that both staff and their bosses need to do their bit. She says, for example, that employees should avoid talking about work on social media, while firms should give shredders to home workers who need to print things out.
With even the most cyber-security aware home workers just one click away from making a mistake, Mr Harrington says that firms need policies in place so that staff know who to immediately report a threat to.
"If an employee falls victim to an attack, make sure that they know a) who to contact, and b) that their outreach is welcome and won't result in termination," he says. "You don't want people afraid of repercussions and thus covering up mistakes."
Tsedal Neeley, a professor of business administration from Harvard Business School who is an expert on remote working, agrees that home workers should know exactly who to report cyber-security problems to. "Engaging with their firm's IT/cyber-security experts is crucial," she says.
Peter, the computer network manager, says this engagement should be frequent. "Users should be suspicious of anything that they are not 100% confident about, and it does not hurt to ask your IT department. It is better to check than be compromised."
Join Our Mailing List
All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.
Recent Blogs
In a world where AI is changing how we work and compete, security is more important than ever. We are gathering industry leaders and AI experts for a special roundtable event. This event will focus on a key topic: AI security.
Microsoft 365 Business Basic offers a range of cloud-based services designed to empower businesses to work smarter and more efficiently. Let's delve into what this package includes and how it can benefit your organisation.
We’re excited to announce an informative webinar featuring Elliot Wilkie from Brigantia and Craig Atkins from 1-Fix, diving deep into the world of DMARC on 8th July at 2 PM . This is an essential session for anyone looking to secure their email communications, understand DMARC compliance, and enhance their email deliverability.
Businesses are constantly seeking ways to enhance productivity, collaboration, and security, all whilst managing costs effectively. Microsoft Office 365 presents a comprehensive solution that caters to these needs. Here’s a breakdown of the seven key benefits of using Office 365 for your business.
In recent news from Microsoft, there’s significant information affecting charity organisations that rely on Microsoft 365 for their everyday operations. Microsoft has announced that it will be discontinuing the Microsoft 365 Business Premium grant, which currently provides 10 free licenses to nonprofits, with termination slated for March 8, 2026 . Therefore, charities currently benefitting from this grant must prepare for upcoming changes.
Staying efficient and connected has never been more important for businesses. With the increasing demand for remote work solutions and collaborative tools, migrating to Microsoft Office 365 is becoming an essential strategy. In this blog post, we’ll explore the many benefits of Office 365 migration, how 1-Fix can assist you in the process, and how swift and seamless this transition can be.
