The cyber security risks of working from home
The number of people working from home has escalated worldwide in the last couple of weeks as governments in many countries have instituted national lockdowns to contain the spread of the Covid-19 coronavirus during the current pandemic. Every country in the world has its citizens becoming vulnerable to the spread of this infectious disease and not even the various world wars in the last couple of centuries had such a global effect as this particular virus is having. Many people in the world have jobs that have them working from home already but with the lockdowns in China, other parts of Asia, Europe, the UK, United States of America and parts of Africa, including South Africa, with most other countries likely to emulate the practice in the near future, the number of people starting to work from home has grown to an unprecedented scale worldwide. Those that have worked from home prior to the lockdowns have typically had the tools (such as laptops, tablets or dedicated work computers) and resources such as fibre connections for internet access to perform their tasks reasonably safely. Many of those recently sent home to work, however, are needing to improvise given the time constraints and have taken their work computer home with them. They have often also needed to start using their home wifi connection or mobile data if they don’t have fibre installed yet and most of their equipment isn’t set up for remote access with the necessary firewalls, endpoint protection, Virtual Private Network (VPN) configurations and other cyber security protection. This is making these particular individuals especially vulnerable to being targeted by cyber criminals who are notorious for taking advantage of situations like this to hack into such devices. A company’s cyber security is only as secure as its weakest link of course, and that link could well be the home user who has access to the company’s servers and files without the necessary security in place.
And then there’s the issue of who gets to use the ‘work’ computer in the home. Is it restricted to work use only with no access to Facebook, LinkedIn and other social media apps that are often restricted in the office environment? How does one manage what remote computers are used for? Do the user’s children (or other family members who might not be that tech savvy) have access to the computer for gaming, sending e-mails and browsing the internet? What about the physical security of the devices themselves? Does the user keep the devices stored in a safe place where they can’t be stolen during a break-in and their contents compromised? Keeping the likes of CRM databases in the cloud, such as Maximizer CRM, as well as accounting software (such as Sage) and email systems (Mimecast, GMail and the like) ensures that the data contained in them can’t be compromised in the absence of the user, provided they have logged off from them when leaving their computer unattended. Many schools and universities around the world are now making use of Zoom which is sky-rocketing in its use for online lectures and interactions with the staff at their institutions during the lockdowns and is important to understand the security risks of using such applications. Zoom doesn’t have many security problems per se as the publishers are on the ball with keeping on top of security issues, but it does have potential privacy problems. One shouldn’t open meetings in Zoom with no password or with a public ID as it makes the meeting attendees vulnerable to unauthorised 3rd parties logging in and sabotaging the meeting or obtaining confidential information. Microsoft has also been giving a great deal of attention to ensuring that their Teams app for such group meetings is sufficiently secure.
Home workers also need to be aware of the various cyber security threats out there as they may not get the same protection from such threats as an office worker does with the established security protocols and necessary software and skilled IT people at the company’s premises. Spamming, phishing and ransomware attacks are on the increase once again during the lockdown crisis and home users need to avoid falling prey to such attacks.
Updating software on devices is very important and this includes not only computers but laptops, tablets and mobile phones as well because not updating the software regularly makes such devices vulnerable to the latest cyber security threats which are constantly evolving. Microsoft Windows XP, for example, didn’t have any built-in firewall when the software came out and Windows 7 is no longer supported with updates, so any computers running these operating systems are definitely vulnerable to cyber attacks. Solutions like the F-Secure Total home user solution from local cyber security company Cybervsion includes a personal VPN as well as wifi and banking protection in addition to protecting against malware, viruses and ransomware.
Doing effective backups is also of critical importance to those working from home. Once again, working in the cloud reduces this risk substantially but any user with important information on their devices needs to make sure that it is backed up properly – ideally also in the cloud on a daily basis but somewhere else on a regular basis as well in case the cloud backup gets compromised in some way.
Ideally, a company’s management needs to ensure that the right policies are put in place with the necessary skilled IT staff to manage the company’s remote resources and the access to company data that work-from-home employees have. Neglecting doing this can only lead to unnecessary challenges for the business that could cost it substantial amounts of money, which needs to be avoided at all costs during these difficult times. It is also in the interests of all of the staff to assist where possible in order to protect the business and the security of their jobs.
Written by Grant Chapman.