Home News The 5 Big Security Risks of Working From Home (and How to Avoid Them)

The 5 Big Security Risks of Working From Home (and How to Avoid Them)

August 16, 2021 Richard Expert advice

The security risks around working from home have been on every business-owner’s mind since lockdowns began in March 2020. With restrictions recently lifted across the UK, employers now face decisions about how and where their staff work, with many considering alternatives to a simple return to the office.

The home-working trend is here to stay, with possible benefits to both employees and businesses. But have you covered all the possible risks to your business due to staff working from home?

Cyber security when working from home

Home-working during the pandemic showed that the traditional office-based environment isn’t always vital for success. In fact, a large number of employees thrived at home, as outlined in this survey by Global Workplace Analytics.

With this in mind, many companies are now looking at either a hybrid of home and office time to foster a happier workforce, or even allowing staff to continue working remotely, enabling firms to scale down their bricks and mortar premises and cut operational costs.

The level of risk and the number of concerns you may have about remote working security could largely depend on your industry or business sector. Granting remote access to sensitive data and customer details can carry a great deal of responsibility, especially if you work in the legal fields, accountancy, customer services, finance, insurance, real estate and other sectors that routinely handle highly personal information.

While your staff are based in the office, you can be reasonably certain of your own security measures, firewalls, database access, virus protection and document visibility. However, at home, the same precautions might not be in place. What can go wrong?

Security risks of remote working

Most risks are caused by simple bad habits. In their own home, employees might admit to feeling less under the watchful eye of the IT department and naturally more inclined to live by their own rules. These habits may not seem like a big deal to employees on a day-to-day basis, but can lead to a false sense of security and create vulnerabilities in your systems. The five main problems to bear in mind are:

No 2FA

While two-factor authentication is becoming standard across many sectors and applications, it’s something that not all people will think to implement from home devices.

Using personal email accounts for business purposes

This could introduce sensitive information to a less-secure device or online environment where there is a greater risk of exposure to hacking.

Using business email for personal activities

The reverse of the above can mean a business account will now become added to various personal marketing lists. These can be scraped by hackers or bought for phishing purposes, causing malicious emails to be sent to your servers.

Unsecured Wi-Fi

While most people use password protection at home, there are a frightening number who don’t when roaming or working in a coffee shop, for example. This potentially provides a window onto your business systems to anyone who is curious enough to look.

Using personal devices to run mobile app versions of meeting software

Everyone got used to applications such as Zoom or Teams, but perhaps were not aware of the risk of meetings being invaded or monitored.

Also, on a non-technical level, there are potential physical risks to the security of business information. Monitors or device screens may be visible to partners, family or visitors, who might also get to overhear sensitive conversations. While this falls outside of the realm of IT, the security of a worker’s environment does influence how well your IT measures will work, and is something all businesses need to consider.

What threats could this make you vulnerable to?

With your systems possibly open to attack due to gaps in online security while staff work from home, the five biggest security threats you face could be:

Phishing emails and malware

Without a company firewall or similar blocking suspicious incoming emails, the chances of a message that might appear trustworthy on the surface but in fact contains a link to intrusive hacking software or ransomware are much greater. You could find that your systems become corrupted, encrypted or used to send out further malware.

DDoS attacks

Short for ‘distributed denial of service’, hackers will use bots to submit a torrent of requests or enquiries to your systems, therefore overloading them and making them unable to carry out the tasks necessary for the running of your business.

Theft of client details

Hackers are continually looking to harvest personal details and databases from companies. They can then use this information to target for further phishing campaigns, to attempt access to your clients’ other business or social media accounts (especially if log-in or password details have been included) or to sell online to the highest bidder.

Identity theft

The malware installed in your systems via any of the means mentioned above can wreck all kinds of havoc in your name. From sending out false invoices to all your clients, to bogus Zoom meeting links leading to aggressive software or even fake messages to your employees, hackers can cause those who trust you to take actions in their favour. It can take an eternity to recover your reputation after an attack like this, and the hit to your finances could be too much for your business to take.

Malware looking through home device cameras

The interface where the digital world meets your physical environment is a prime opportunity for hackers to, at the very least, invade your privacy but also potentially spy on meetings, read commercial documents and check the background of your room for valuable items or sensitive information (perhaps on display boards, etc.).

Working from home security best practices

There are a number of measures you can employ to ensure your employees are operating in a safe and secure way when they work remotely. The below lists are not exhaustive, but provide ideas that should be quick and easy to put into practice.

Working from home: recommendations for employers

Define and document your WFH security policies – put your rules and recommendations in writing for things such as passwords, use of personal emails, etc. Sharing this openly with all employees is the best first step to raising awareness and getting everyone working for you on the same page when it comes to online security when working from home.
Ensure your staff use business devices for work – this way, you can be sure your employees are working in a more secure environment and supported by company-wide anti-virus software.
Ensure staff use a VPN to access business systems – a virtual proxy network provides a vital secure barrier. This needs to be set up properly by professionals and the security patches updated regularly.
Introduce 2FA for all access to business platforms – vital to ensure that those logging on to your systems are who they claim to be. There are a number of trusted authenticator apps to choose from online, such as those provided by Google or Authy, for example.
Train staff on all the potential threats – when people know how to spot phishing emails, deal with potential malware situations and generally keep commercial or personal data safe, your business will be inherently more secure at its core.

In addition to the above, you might require more support in the rare unfortunate cases where you need to remove an employee’s access when they leave your company. This will be necessary to prevent access by any unauthorised third parties (known or unknown) if their details fall into the wrong hands.

Working from home: top tips for employees

Install anti-virus software – it seems obvious, but it’s worth re-stating the importance of having internet security present on the devices you use for business at home, and keeping it updated. New viruses and malware are introduced to the world wide web every day.
Keep devices secure – make sure screens are not visible to friends, family or visitors, or that devices can’t be tampered with by children. For mobile devices, you should also enable the functions to find them and wipe them remotely in case they get lost or stolen.
Practice camera security – pay attention to when your laptop camera or separate digicam is turned on, and what is visible in the background. To make sure you are not inadvertently being spied on by hackers, you can cover the lens or unplug the camera when not in use.
Use a password manager – this provides a safe and easy-to-use way to keep your passwords strong, secure and unique. Too many people use the same password for a host of various applications, accounts or websites. A password manager means you can have different passwords for each activity without having to remember them all. But you’ll need to have a 2FA app!
Isolate your network from Cloud-based streams – is your home network also linked to communications or entertainment providers like Nintendo Switch or RingCentral? These could provide hackers with seemingly innocent ways into your network.

In addition to the above, you can take extra measures to secure your Wi-Fi. As well as changing the password, SSID and name of your network by logging into the settings to make it more difficult for criminals to identify and access your network, you can limit access and enable network encryption.

This can become very technical. Never hesitate to ask for assistance from your firm’s IT support, and always make sure all software updates are running automatically.

Want to be sure your business and employees are protected?

Are you considering giving staff more flexibility to work from home, or perhaps even switching to a completely remote workforce? Give us a call on 01473 599020 or email hello@comms-unite.co.uk to find out your options for making your systems secure.

We’re here to get it done, and won’t stop until everyone’s happy.