Working from home: Cybersecurity risk

The short-term security solutions implemented to enable working from home en masse at the beginning of the pandemic have increased the levels of risk to businesses, many of whom are now moving to implement future-proofed solutions.

While remote/home working was far from a new concept when the stay at home restrictions were introduced, the scale of mobilisation required to rapidly equip the majority of a nation’s workforce to work from home was unprecedented.

Something that might have taken one organisation years to pilot, policy up and roll out was necessitated in days if not hours. However, while the agility of many organisations to restructure their business office model has been commended, concerns have also been raised around security vulnerabilities.

As businesses and organisations expanded the breadth of their ‘attack surface’, the culmination of networks and systems used for work, they also enhanced the level of cybersecurity risk. However, with many implementing fast-paced and short-term remote working solutions in response the pandemic, there is recognition that remote working in some form will remain beyond the pandemic and must then be factored into business security plans.

Although current research on security risks to businesses and organisations during the pandemic is far from extensive, a survey carried out on behalf of IT solutions provider DataSolutions offers a glimpse of what risks businesses may be faced currently and into the future.

In December 2020, one-in-10 Irish office workers said that they had been targeted by cybercriminals since they began working from home when the pandemic began, while almost one-third admitted to feeling vulnerable to cybersecurity risks while working from home.

Given the pace of the switch to home working for many, it is unsurprising that as many as 57 per cent of respondents said that their company had not provided additional security training to prepare them for working from home. Potentially more surprising is that 56 per cent said that they were using their own personal device, which often lack the same protections or capability for monitoring as work devices. Furthermore, one-fifth admitted that they had shared or stored work documents on personal devices.

Cybersecurity risks to businesses come in various forms, the most obvious being lost or stolen devices containing sensitive material. At a basic level, this risk has dramatically enhanced given the increased mobility of the workforce.

A further obvious risk is that in relation to phishing communications. Vulnerabilities in relation to phishing communications were increased not only because a large cohort of workers were without security systems afforded by the office systems such as firewalls or blacklisted IP addresses but also because cyber criminals sought to exploit Covid-19 related fears.

Google counted more than 18 million malware and phishing emails related to coronavirus on its service everyday in April 2020 alone.

The 2020 Cisco Benchmark Report, which surveys almost 3,000 security leaders globally, highlights how the shift to remote working has changed security priorities. Mobile devices have overtaken user behaviour as the biggest challenge to protecting the mobile workforce, with the report pointing to 52 per cent of respondents stating that mobile devices are now “very or extremely challenging” to defend.

Remote working, to some extent, is set to be a permanent feature of the future of work. The Government’s remote working strategy has outlined a 20 per cent target for the public sector, with expectations that the more agile private sector will also see high uptake of remote working within a hybrid model. Over a year on from the mass switch to working from home, businesses should be looking at not only mitigating security risks of the present but also delivering solutions for the future to keep them secure.