At the issuance of lockdown orders, working from home largely sounded like heaven for most employees and even companies as they saw the opportunity to work on largely their own terms while saving on various overheads. This joy however overlooked the ever existing security concerns associated with millions of workers moving from the office to a remote model. Furthermore, the work-from-home new normal has created a seemingly nonchalant attitude towards cybersecurity as staff often interchange work and family tasks with little support or structure to uphold security best practice.
As such, there is a real risk that your remote staff may be unknowingly putting your company’s data at risk. WFH can potentially lead to data breaches, identity fraud, and a host of other negative consequences for your enterprise.
At DataGroupIT we’ve compiled a list of some of the most notable cybersecurity risks we’ve observed as vulnerabilities to organisations.
File sharing
It is standard practice for companies to encrypt data that’s stored on their network. However, they may not be as diligent in encrypting data that is moving from one place to another outside the parameters of their intranet.
As sensitive information is on the move on a daily basis it makes it particularly vulnerable to interception which can lead to identity fraud, ransomware attacks and the like. Due to the nature of this information, it is therefore essential that encryption be prioritised outside of the traditional work environment, equally as it was prioritised within the organisation.
Phishing attacks
When business operations suddenly or temporarily transition to remote work, staff may become confused as to how to continue to work securely. Phishing is a cyber-attack method that consists of trying to gather personal information using deceptive e-mails and websites. According to America’s Federal Burea of Investigation (FBI), there were ±241 000 phishing attacks in 2020 alone and the number keeps rising.
The primary goal of a phishing attack is to trick the email recipient into believing that the message is something they want or need by masquerading as a trusted entity of some kind. For instance, it may present itself as a request from their bank, a note from someone in their company or a company the victim might regularly do business with.
Home & Public Wi-Fi
Companies usually go to great lengths to secure their remote employees’ work laptops but many do not consider how the Wi-Fi networks that their employees work off of at home may be posing a risk to the security of company data. Here’s a quick question, how often do you update your home router software? Or is that something you just assume your service provider does diligently?
Similar to when updates aren’t completed on other devices such as your smartphone, routers that aren’t updated won’t have security gaps patched, which can lead to data breach risks over time. Additionally, people do not generally utilise security measures such as firewalls on the home networks.
Personal devices
In the absence of a strict company cyber security policy, employees may use personal smartphones and home printers to conduct business remotely, these devices can pose a vast array of security risks. For example, a common trend is the utilisation of work being conducted on a personal mobile device for phone calls, logging into business accounts and the like. This data can potentially be accessed by hackers unless the phone is encrypted.
90% of organizational leadership reported an increase in cyber-attacks since the world stayed home. The main assignment was to ensure that employees had virtual private network (VPN) connections to the network. However many found this to be an overwhelming and time consuming process and as such, this has resulted in undetected security vulnerabilities, which will continue to impact businesses in the months ahead as they continue to adapt.
The silver lining though is that automation to aid enterprises in securing themselves has become more relevant than ever.
For instance, companies rely on cloud computing to work remotely, so why not rely on the cloud to protect systems remotely? Enlisting the services of a managed security service provider (MSSP) can provide the security support that would otherwise be missing when working from home.
A workplace culture of strong cyber security must be instilled company-wide. Security awareness training programs are a must for any organisation and must be implemented from the moment new employees are on-boarded into the enterprise.
DataGroupIT’s 6 Pillar Model allows us to take a strategic and ongoing approach to customers’ security needs, in order to build a long-term plan for a customized cyber security strategy with the best-in-class global security vendors.