In a study conducted by the security awareness provider, a clear majority of IT and cybersecurity specialists in organizations acknowledge the increased risk that hybrid work presents: 9 out of 10 respondents state that the threat landscape has worsened, and 75% say mobile work has contributed to this.
While enterprises are well aware of the increased security risks of remote work, employees are not - and often have a false sense of security when in their homes. With increasing proportions of employees working remotely during winter and sickness periods, SoSafe warns of the biggest risks of remote work and provides simple tips and solutions to help mitigate them.
The biggest risks of working from home:
• Insufficiently protected workspaces: With more employees working from home, there are an increased number of channels cybercriminals can use for their attacks. Organizations therefore need to secure further endpoints, networks and software. This leads to less oversight for security teams – as not all used technology can be checked by their security monitoring. If at-home workplaces are not sufficiently protected against third-party access, criminals are able to obtain company data more easily. This requires the awareness of every single employee at home, now more than ever.
• Perfect conditions for social engineering and phishing: With remote work comes an increased dependency on digital communication. Employees get used to business requests delivered only via mail. This provides perfect conditions for cyber criminals to start well-engineered phishing attacks. Employees working remotely click on phishing emails at three times the rate of employees working from the office.
• Lack of communication with co-workers: These click rates are also accelerated by a lack of direct communication with co-workers. Without this communication, it is difficult to verify information, requested actions or be aware of all company developments.
• New communication and collaboration tools needed: As face-to-face communication is no longer possible, new communication and collaboration tools, such as Slack or Zoom, are used. These offer new gateways for cybercriminals – not only for the attack itself, but also to obtain information for their next social engineering attack. Voice cloning and deepfakes in particular are currently on the rise.
• Bring-Your-Own-Device: Many employees make up for the lack of company devices by using their personal laptops or smartphones for work purposes, and the company’s IT department cannot inspect these devices for irregularities or ensure the needed technical defense systems are in place.
• Vulnerable employees due to uncertainty and upheaval: New working conditions and an unpredictable environment make employees more vulnerable as they are less concerned with security guidelines and more likely to make errors. The potential risk increases - half of all employees click on phishing emails sent during the implementation of collaboration tools, with attackers exploiting topical issues for manipulative cyberattacks by phone, text or email.
Dr Niklas Hellemann, CEO at SoSafe, said: “Remote and hybrid work is here to stay, and businesses must address the host of new risks this brings.There’s no question that technical precautions are indispensable in the constant battle against security breaches. But the large-scale shift to remote work means it’s more vital than ever to build and reinforce a strong ‘human firewall’ - protecting organizations and individuals both in the office and at home.
While employees may feel more secure in their own homes, cybercriminals exploit the special circumstances of remote work and use well-engineered attacks to gain access to company systems via employees. In a time of sustained uncertainty for workers under increasing pressure, that vulnerability is massively increased. This is why organizations should keep their employees informed about security risks in their home office, empowering them to know about threats and react accordingly.”
SoSafe’s tips for working securely from home:
• Practice regular cyber security awareness training: inform yourself regularly about cybersecurity threats and new developments to establish sustainable security behaviors – this will protect companies and individuals both in the office and at home.
• Verify information and requested actions: If a project or information is completely new to you or the requested action is unusual or putting a lot pressure on you, give your manager or colleagues a call to verify it.
• Make sure your system and programs are up to date and follow the instructions of your IT and Security teams.
• Store documents and portable data storage devices somewhere your family and guests can’t access them.
• Always lock your screen or computer when you’re not in front of it and ensure it’s not visible to others (such as through a window).
• Ensure you only use password-protected WiFi and connect to your company network via a VPN - and only use Cloud tools that are approved by your IT department.
• Never connect uninspected external data storage devices (like USB flash drives) to your work device.
• Make sure confidential or sensitive documents are destroyed, unrecognizable or illegible before throwing them away