Many temporary responses to the Covid-19 pandemic, such as telemedicine and grocery delivery services, have become new norms worldwide. One of these responses is WFH (work from home) employment models, which has also carried on into the post-pandemic world, with 35% of respondents in a McKinsey survey reporting an opportunity to work from home up to five days a week.
Likewise, a Pew Research Center study found that 41% of US workers employed in fields where WFH is possible now have a hybrid working schedule. While WFH allows employees to enjoy flexible working hours and lower commute costs, it also has its share of downsides, especially regarding cybersecurity. What is cybersecurity? It’s a practice of securing your gadgets and systems from cyber attacks.
WFH is often the biggest and most concerning culprit behind security breaches in organizations. Therefore, companies must be aware of potential WFH risks and their mitigation strategies, such as VPN usage and encryption. Let’s discuss these considerations in detail.
Common Security Threats in Organizations With WFH Opportunities
One thing is for certain; most people prefer working from home. In fact, 87% of employees embrace this opportunity when presented with it. Keeping this in mind, every organization should know the following security risks from WFH.
Creating an email policy or setting up a firewall can only do so much. Remote employees do not fall under the cybersecurity umbrella as they are not on the company’s premises.
In such cases, if employees use unprotected personal devices, they will not have the same defenses as those in the office network. Since most tasks require employee collaboration, there will be data movement across some unconventional perimeters. System access, video conferencing, and network access are also inevitable.
The inability of the enterprise to extend security controls across remote employees’ personal devices will make this data susceptible to unauthorized access and breaches.
Little to No Supervision
When employees work from home, cybersecurity teams cannot watch what they do on their home networks. So, they cannot step in to prevent an employee from falling for an email scam or visiting malicious websites.
Poor Data Practices
A recent survey found that only 32% of organizations require their workers to install security software on their personal devices from the IT department. Even worse, 17% of employees use their personal devices, like laptops and phones, for work without informing IT.
That means employees working from home may be downloading sensitive and confidential company information on their phones. They may even share this information through unsecured channels like unencrypted files and emails.
WFH Technology Vulnerabilities
The remote working tools and software employees use to collaborate are also vulnerable to cyber attacks. Employees untrained in cybersecurity practices can fall prey to these risks.
The problem becomes even more severe when there’s no cybersecurity team to manage security issues promptly, resulting in significant downtime and monetary loss.
Best Cybersecurity Practices for Companies With WFH Employment Models
As more and more employees demand flexible working hours, WFH is bound to be commonplace. Here are some cybersecurity practices remote employees must follow to reduce security risks.
Using a VPN
A VPN (Virtual Private Network) creates a private network where people can share and access information. It establishes an encrypted connection and routes traffic through it securely.
Also, VPN helps lower the risk of MITM (man in the middle) attacks. These attacks involve someone intercepting the transferred data between two parties, leading to a possible data breach. Furthermore, VPNs defend against ISP tracking and eavesdropping.
Employees should use a VPN both while working and when using their personal devices for leisure to minimize the risk of breaches and attacks.
Using an Antivirus
Malware, spyware, ransomware, and viruses might also enter work devices. Cybersecurity software keeps cyber threats at bay, removing them from the employees’
computers. For example, you can provide work devices to employees with pre-installed antivirus software.
Employers offering WFH flexibility should activate encryption on employee devices. Encryption encodes data in a way that only allows authorized parties to access it. Even if an MITM attack occurs, the information will not be intelligible to the attacker.