CRIMEWARE: Cybersecurity While Working from Home

More employees than ever are working from home, and 85% of Chief Information Security Officers (CISOs) said that they had to sacrifice cybersecurity to quickly enable them to do so. Cybersecurity vendor Netwrix announced this and other findings from a June 2020 survey conducted to determine how organizations are responding to the work-from-home changes brought by the pandemic. Other findings include:

  • 25% reported suffering a ransomware or other malware attack during the first three months of the pandemic; 47% were able to spot it in minutes.
  • Though only 14% of organizations encountered data theft by employees, 66% are anxious about this scenario, compared to just over half pre-pandemic.
  • 63% reported an increase in the frequency of cyberattacks and 60% found new security gaps as a result of the move to remote work.
  • The most common threats experienced since the transition to remote work share a human factor: phishing (48%), administrative mistakes (27%) and improper data sharing (26%).

“Many companies were caught unprepared when cities and states issued mandatory stay-at-home rules,” said Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers (IAITAM). “Now, the rubber is going to meet the road when those companies, which are struggling not to be crippled by COVID-19, try to keep the cash flowing by having employees at home call or email for credit card information, print out invoices on untracked home computers, and send them out on personal Wi-Fi networks.”

A study by cybersecurity firm Tessian found that 52% of employees cut corners and engage in riskier online behavior when working remotely. Distractions and pressure to get their work done quickly are affecting how people work.

At a minimum, employees working from home should observe these eight best practices for working remotely:

  • Avoid public Wi-Fi. If you must connect from a public location, use personal hotspots or a VPN.
  • Keep work data on work devices. It is unlikely that your personal devices have the same levels of security as those maintained by your company IT department. By using your personal devices on your company’s network, you may be putting the integrity of the company network at risk.
  • When working near others, block the sight lines so they cannot see your screen. A few bits of information captured while looking over your shoulder may be all a bad guy needs to hack into your personal or business accounts.
  • Encrypt sensitive information in emails and on your device. Encryption keeps unauthorized persons from intercepting and reading your data.
  • Lock your doors. Part of data security is keeping your devices physically secure to prevent theft.
  • Never leave your devices or laptop in your car. That includes the trunk. Thieves can quickly strike if you step away.
  • Don’t use unknown thumb drives. Hackers are known to drop thumb drives near companies they are trying to attack, knowing that some employees will pick up the malware-loaded drives and use them, giving the hacker access to the company’s data.
  • Use a USB data blocker when charging your device at a public charging station. It is best not to use a public charging station but, if you must, use a data blocker to prevent possible theft of your data or installation of malware on your device.

Working from home due to COVID-19 presents both risk and opportunity for employers and employees. It is likely that we will see new technologies develop that will minimize risks while taking advantage of the opportunities. In the meantime, following smart security protocols will go a long way toward maintaining your organization’s security.