When Covid-19 hit, millions across the globe were forced to work remotely. This gave rise to many security risks throughout organisations, such as a lack of remote-working security training, rushed technology deployment, and the presence of untrusted individuals in a remote-working environment. As organisations move from a continuity position to a more recognisable business-as-usual (BAU) posture, they are looking to quantify and mitigate the risks posed by their remote workforces, often compromising employees’ privacy (including personal information and activities).
Overnight, employees were expected to understand how to work from home, yet they were following the same security practices as in the office. In fact, there are more security precautions employees should take when working from outside the office, i.e., on an external network. For instance, listening devices in employees’ homes or insecure IoT technology in the vicinity of sensitive work conversations pose new risks to organisations. Almost 2 years later, organisations are still deferring the adoption of a mature security awareness program. Many businesses have adopted a ‘Bring Your Own Device’ (BYOD) policy, which, alongside an increased presence of untrusted individuals in public working environments, poses more of a risk to businesses’ sensitive information. Using a personal device leaves users and businesses more exposed to cyberattacks.
Working remotely brings a new set of distractions to employees, with children running around or the postman knocking on the door. It only takes a second to lose focus and accidentally click a link. Studies have shown that employees being distracted while working from home has helped 47% of phishing scams become successful. Training employees to work securely is becoming recognised as a necessity by many organisations. The end goal is to have employees perform at an unconscious competence level, where they know something so well that they don’t have to think about it. There has been a 600% increase in reported phishing attacks due to Covid remote working. 44% of those reports showed that no cybersecurity training had been provided to staff on the threats of working from home.
Post-pandemic, there is now a preference for remote working, as it brings significant benefits such as reduced exposure to the pandemic, lower commuting costs, more scheduling flexibility, etc. With these overlapping and additional benefits, we are seeing a trend where organisations adopt new long-term hybrid work models. Let’s focus on the top security concerns that remote working creates: GDPR, phishing, password security, unsecured home devices, unencrypted file sharing, and open home Wi-Fi networks. All these security challenges require the employee to be properly trained in the best security practices to protect their own and the organisation’s data, and organisations have varying degrees of ability to manage or control staff working environments.
Nowadays, hackers are taking full advantage of recent remote working initiatives, as staff are more exposed than when working from internal networks such as business offices. Technology is always evolving, and attackers are often one step ahead with new techniques to try and hack us. Therefore, it is essential for security awareness programs to be an ongoing practice and not a one-time or annual event. Does your company provide security training? Is it the boring computer-based learning where you stare at a screen and just click “Next”?