This blog is part of ACI Learning's month-long effort observing Cybersecurity Awareness.
When the pandemic struck in 2020, employers were forced to completely re-think where work takes place, as fear of spreading the virus forced an abrupt shift to remote work. Cubicles were deserted and suddenly, Zoom meetings from home offices were the norm. The switch to remote work kept businesses functioning while allowing employees to feel safe from the spread of the pandemic, but – ironically - it opened the door to a different kind of threat— cybersecurity attacks.
According to a global security manager at HP, cyber-attacks and hacking attempts increased about 600 percent in the United States because of the work-from-home shift. Across the globe, these attacks increased 300 percent overall. These reports have left many wondering how they can protect themselves and their organizations from cyber threats going forward.
Unique hacking opportunities
Working from home creates new cybersecurity vulnerabilities and can worsen existing risks that were always possible in the office. (Even the corporate standards set in place for secure passwords and safe practices can’t save an employee’s computer if their wi-fi password is “1234.”)
The increased use of in-home smart devices such as Amazon Echo Dot, Alexa, and even wi-fi enabled security cameras have left many homes vulnerable. These devices are always listening, storing, and sending audio files to their parent companies. Additionally, hackers can take advantage of vulnerable at-home networks by hacking into these devices, listening, and watching to obtain valuable company and personal information.
Even the presence of spouses, roommates and children in the home can be a security threat when it comes to sensitive company information.
These scenarios can present unique danger, but they are avoidable.
Policies to tackle the biggest work-from-home threats
So what can companies do to keep their networks secure while still powering a remote workforce? There are best practices for cybersecurity that can be implemented in the home to protect personal information and sensitive company data.
Company-mandated automatic software and program updates go a long way towards ensuring data stays secure, but remote workers are often using personal devices in addition to ones provided by the company. Teaching employees to update their routers and other smart devices can tighten defenses against potential future security leaks. Suggesting that employees set up automatic updates for all personal devices takes another step towards total cyber safety.
Even tablets and phones are susceptible to attack, contrary to widely held belief. While it seems that the same viruses that could go after your computer could never attach to your phone, this is not true. There are new viruses and scams focusing entirely on capturing mobile devices being created constantly.
Most people do not know that removing sensitive or personal information from their computer requires taking steps beyond moving it to their desktop recycling icon. This data lives on in the computer’s memory, and savvy hackers know exactly how to find it. Using secure programs to overwrite data can protect the information permanently. Check out these resources for permanently removing unwanted data.
The use of cloud-based project management and other collaborative tools can be incredibly useful for remote workers. Many organizations use cloud options because of benefits such as ease of use, real-time collaboration, and increased productivity. But each cloud service supplies their own level of built-in security measures, removing the ability for potential employee oversight to cause issues.
Organizations should implement cybersecurity training for all employees, update training and meet regularly on any changes. While most employees are tech-savvy enough to spot the most obvious phishing scams, hackers become wiser every day. Often, hackers are keeping track of cybersecurity training and learning ways around it, just as employees are. Even Facebook personality quizzes asking your favorite color could be searching for the answers to employee security questions. Especially in the age of remote work, employees must understand that company-wide cybersecurity is a group effort, requiring constant vigilance from everyone.
Companies and people at home looking to keep their cybersecurity tight should try their best to make it easy. When security updates and modifications are too difficult to keep up with, the process tends to be skipped over in favor of uninterrupted workflow. Schedule updates and any other cybersecurity tasks for a convenient time to minimize interruptions.
Awareness is just the first step
When it comes to cybersecurity, awareness is key. With so many generations in the workforce, tech savvy can vary widely. Making sure all employees feel informed and empowered about cybersecurity issues is essential in beginning a cyber safety initiative in an organization. The real challenge begins when you turn expertise into action.
Work-from-home positions are not going anywhere, and neither are hackers, so the corporate landscape must adapt. Investing in employee training, and maintaining it regularly, is a key factor in the future of cybersecurity. Investment in solutions for patching security leaks is essential. While it can be the most difficult step, communicating the importance and collaboration of cybersecurity to employees can help inspire action. In the end, it is up to everyone to protect cybersecurity, and armed with the right tools, any organization can fight the rise in phishing, ransomware, and malware.