Cybersecurity: With the possibility of being maintained in organizations, the home office raises several new challenges. One of them has to do with cybersecurity.
According to a Microsoft survey, 26% of remote workers said they had experienced a cyberattack in person, and a similar percentage expressed concerns about home office security.
This indicates that organizations are playing big and paying for it when it comes to cybersecurity in the home office.
Another data from the same survey is that 50% of organizations that let their employees work with their equipment say that they do not have any corporate policy to regulate how they are used, such as offering antivirus software and guidance on connections to home routers.
According to the research, this shows the unpreparedness to face cybersecurity issues in the home office. At the same time that unprecedented numbers of people are working from home, the security risks that can arise with employees working from home are greater. Remote workers become easy targets because there is no investment in cybersecurity at home as in business. Thus, security measures that the organization already adopts do not always apply directly to protecting teams at the home office.
No wonder IT managers worldwide are experiencing difficulties at this time, requiring quick decision-making and action.
With that in mind, in this post, we will outline some ways to escape more significant problems, starting from the main cybersecurity problems that affect the home office.
Lack Of Cybersecurity In The Home Office: Occasion Makes The Thief
In her course on Governance and Strategy in Information Security in Business, Andréa Thomé, an expert and consultant in the field, explains what is called the fraud triangle, which causes cybercrime:
- Pressure: Obtaining advantages such as financial and professional growth, power, etc.
- Opportunity: visualization of inherent weaknesses that can be exploited
- Rationalization: set of values, ethical and educational principles which can prevent or motivate the execution of a crime.
We can, from the fraud triangle, understand how cybercriminals are exploiting loopholes caused by:
- High-pressure corporate environment, with sudden drastic changes, quick decisions and actions, increased competitiveness and even cost-cutting;
- The fragility of cybersecurity in the home office and cyber risk management;
- Little attention and awareness of users.
An example of a recent cyberattack was the malicious app developed as if the WHO legitimated it. Anyone could easily mistake the fake app for a real one. The app would activate a banking trojan upon installing it to steal sensitive user data and the rest of the story you already know.
The awareness of the fragility of processes and people makes cybersecurity in the home office a growing problem – not just within organizations but also in suppliers and contractors.
How To Ensure Cybersecurity At The Home Office
In cybersecurity, as in all security areas, the job is not to eliminate all risks, not least because not all chances are equally dangerous or dangerous in the same way. Also, the risks you face today will not always be the same risks you meet next week.
Cybercriminals are monitoring various opportunities, and, in addition to being trained, they are relentless in their pursuit. So the job is vulnerability management. So, think about your company’s main ones right now, and act on the following fronts.
Determine Cyber Security Weaknesses In The Home Office
It is already clear that the modus operandi of all the teams within the organization is different from those who have all of them at home, eventually working in open networks or with their equipment.
So, answer which employees are using their machines? How is the information being handled and stored? What threats put the organization’s processes and assets at risk, and to what degree? How critical is each of them?
Relate vulnerability to criticality to prioritize urgent solutions and clarify what risks and threats the organization can withstand.
Approaches To Invisible IT Systems
Invisible IT systems that are not monitored because they are not official are already quite familiar. The point is that the use of invisible IT has grown in the home office. For example:
- 49% of respondents said they increased the frequency of using personal email ;
- 60% said they now use messaging apps more often ;
- 53% of respondents said they use file-sharing services more than ever before.
Review whether official channels are sufficient for the home office and your policy on invisible IT systems to clarify what can only be shared through them and never through unofficial media.
Home routers are gateways sought by cybercriminals because they give access to many vulnerabilities. And in the home office, crackers take advantage of the connection of many people working from home who do not have the same security as the one they have in the office. For example:
- separate the work network from other home devices that connect to the internet;
- Adopting a VPN to establish a secure connection and encrypt all browsing is an excellent way to protect assets, even if the employee’s home router is hacked.
VPN extended a secure connection to homes. However, be aware that the VPN has vulnerabilities and is actively exploited by cyber criminals, especially when home networks are already infected.
Strengthen Authentication Procedures
Do not hesitate to re-evaluate authentication procedures and opt for two-factor authentication for all critical programs. The lack of hygiene of people with passwords is recognized.
In addition, reiterate the need to create a solid and complex password – with at least eight characters between letters, numbers and other signs –different from the others for each system. Also, remember that all passwords need to be changed every three months.