Staying motivated and focused, keeping your nose out of the fridge or the biscuit tin, and keeping away from the distractions of social media, all the while managing home schooling and childcare. There are many challenges to working from home – but also many benefits: no need to dress up, no long commute, more time with the family.
Security is another challenge, but may not be at the top of the list, particularly for those unused to working remotely.
Keeping sensitive or company confidential information private
People behave differently when they are in different environments, and this is equally true for work. When working from home there is often a tendency towards a more relaxed approach, and in an unfamiliar environment it is easier to make mistakes as the recent survey by CyberArk highlights: https://www.businesswire.com/news/home/20200603005158/en/Remote-Work-Study-Cyber-Habits-Home-Threaten
People may be using different computers/devices or different applications and they won’t be surrounded by colleagues to ask when they have a question about the changed look and feel of the IT experience. Even those with a work-issued laptop, may find that applications look different to how they do in the office, for example, the need to use additional authentication during login, or to use a Virtual Private Network (VPN).
For all these reasons, people can be more susceptible to phishing and other cyber attacks; they’re in a different environment, using different systems, with different distractions. When everything is a bit unfamiliar, stress levels will be higher, and the ability to absorb new ways of working diminishes significantly. In our recent webinar Industry Leaders discuss the additional stresses of home working, and how to combat some of them: https://www.information-age.com/avoid-the-consumer-apps-how-to-collaborate-securely-and-productively-in-the-finance-sector
As well as an increased number of attack vectors, there are risks within the home
Shared devices – children using work laptops for home schooling may be going onto social media sites, clicking on unsafe links, downloading apps, etc. The CyberArk survey reported that 29% of homeworkers admitted allowing other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping. There are arguably as many risks in sharing your work device for non-work activities as there are in using an unmanaged device to access the corporate network.
Shared spaces – couples both working from home may be sharing a single office space, or the dining table. This can present a myriad of issues, from overheard conversations within the household, to neighbours overhearing sensitive discussions via open windows/doors. Screens may be on view internally and externally, yellow sticky notes with passwords left lying about, or paperwork left where others can see it. At the very least, people should have secure home storage for papers and laptops.
Conference calls – we’ve all seen the videos that went viral of news reporters talking to camera as toddlers or pets appear in the background. Where possible family members or housemates need to respect conference calls and those taking part in such calls should use headphones or earbuds with a microphone.
Extending the perimeter – cyber security at home
For years we have been warning against using WiFi in coffee shops and hotels, now organisations are reliant on the security of home WiFi!
There are increased challenges for corporate networks too, as they now need to learn to distinguish which ‘new users’ logging in from unknown IP addresses are staff working from home, rather than adversaries trying the hack the system.
People that are already stressed due to unfamiliar work routines and trying to balance work with additional home/family distractions are clearly more susceptible to the huge increase in COVID-19 themed phishing scams.
All of this means that IT and Security teams need to make extra efforts to keep remote workers safe. They need to show empathy and an understanding that security best practice is not second nature for non-techie home workers. They need to be prepared to provide extra training, but even that is not a silver bullet. As we’ve said plenty of times, security needs to be baked in, transparent to the user, and so easy to use that there is no temptation to look for workarounds.
Using the right tools for the job – what a genuinely secure app looks like
As was debated during the panel discussion at our recent Webinar (https://www.information-age.com/avoid-the-consumer-apps-how-to-collaborate-securely-and-productively-in-the-finance-sector/ ), apps are here and they are the future. Organisations need to introduce Secure Enterprise Apps and give users the right guidance and support to use them. Our webinar demonstrates just how useable a genuinely secure communications app can be!
The security flaws in services such as Zoom and MS Teams have already been well documented https://www.bbc.co.uk/news/technology-52133349 with the new phenomenon of Zoombombing where miscreants join calls uninvited to listen in or hurl abuse. Consumer-grade apps, whether on the desktop or mobile devices, give no control of users on the system and no constraints on where confidential messages and attachments can be forwarded to. There may be claims of end-to-end encryption, but what does that really mean? Do users understand what metadata they may be giving away to application vendors – data that can be highly valuable/useful in the wrong hands.
Consumer apps used for business where there is no audit, control or accountability, is a GDPR fine waiting to happen.
By providing the specific business apps to people to use for work, organisations can help their staff to delineate between business and social, keeping data safe, and separate!
As always, the NCSC gives some great guidance around working from home, how to communicate with staff and steps to take to ensure business data is kept safe; take a look at https://www.ncsc.gov.uk/guidance/home-working
