Remote Work - the New Normal?
4 Key Information Security Risks for Home Workers
The Age of Remote Work
For millions of people across the globe, 2020 has seen seismic change in the way in which people work. According to data from the Office for National Statistics, a mere 5% of the UK labour force worked predominantly from home in 2019, a figure which has increased dramatically since the pandemic.
With many countries banning any non-essential travel and remote work being encouraged and assumed whenever possible, it is likely that we will see a significant increase in out-of-office work long after lockdown has come to an end.
During this unprecedented time, it is unsurprising that many have faltered. Research suggests that around 29% of companies did not have a business plan to protect their network during a major crisis, and that 86% of companies experienced security disruptions between February and March of this year.
As well as these disturbing facts, 73% of surveyed employees working from home have not received any specific cyber or information security awareness guidance or training.
Though the cost of the pandemic is unquestionable, with trends pointing towards remote work becoming the new norm, it is time that those who are fortunate enough to be able to work from home learn how to work securely.
Four Key Remote Work Tips
With face-to-face communication now essentially impossible, the use of video conferencing software, such as Zoom, has now become common practice for both professional and social interaction.
Because of the external imperative, many users and companies quickly adopted remote work solutions without a complete understanding of the security standards of the companies providing them. Zoom, for example, originally claimed to offer end-to-end encryption, a claim which was later understood to be inaccurate.
But it is not just the inherent security of the software which users should be wary of; it is also the way in which it is used.
Many video conferencing products offer the option to ‘lock’ meetings once all participants have joined, a feature which can undoubtedly help protect confidentiality. Likewise, meeting IDs should be protected and only shared with authorised individuals, as in some instances all that is required for entry is an onscreen code.
It is also advised that meetings are only recorded when necessary, and that confidential information is shared under the same access controls as prior to remote work.
Depending on the type of software being used, there are many controls available, and whichever product you choose, these controls should be both understood and utilised.
Although typically safer than a public Wi-Fi network, your home internet can also present risks. The first is the type of encryption used by your home router.
Depending on your model, you may be using a more or less secure form of encryption to carry your data, from the weak and outdated WEP (Wired Equivalent Privacy) to the common and strong WPA2 (Wi-Fi Protected Access II). Whenever possible, the most secure form of encryption available should be used.
When setting up a router, it is also recommended that WPS (Wi-Fi Protected Setup) is disabled. WPS exists to provide a quick method of connecting devices, and though it may appear merely convenient, it could give anyone with momentary physical access to your router permanent access to your network.
Likewise, creating a MAC address filter allows you to build a list of trusted devices which are permitted to connect to the network, whilst excluding non-trusted devices.
Finally, changing your network name and password from their defaults should also be standard practice. A network's name can frequently give an attacker an indication of the type of network, thus offering them an advantage, and likewise default passwords may be more easily broken than a novel alternative.
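As an added example (not part of the original article), the script below checks your own network against the encryption, WPS and default-name advice above, using scan output in the style of the Linux `iw dev <iface> scan` command. The sample scan is constructed, and the list of default name prefixes is an illustrative assumption.

```python
import re

# Constructed, abbreviated sample modelled on `iw dev <iface> scan` output.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: NETGEAR42
\tWPS:\t * Version: 1.0
BSS 02:00:00:00:00:02(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: home-office
\tRSN:\t * Version: 1
BSS 02:00:00:00:00:03(on wlan0)
\tcapability: ESS ShortSlotTime (0x0401)
\tSSID: guest
"""

# Illustrative (assumed) prefixes of factory-default network names.
DEFAULT_SSID = re.compile(r"(?i)^(NETGEAR|TP-Link_|Linksys|dlink|BTHub)")

def parse_scan(text):
    """Return one dict per access point (BSS block) in the scan output."""
    aps = []
    for block in re.split(r"(?m)^BSS ", text)[1:]:
        ssid = re.search(r"(?m)^[ \t]*SSID: (.*)$", block)
        cap = re.search(r"(?m)^[ \t]*capability: (.*)$", block)
        ap = {"ssid": ssid.group(1).strip() if ssid else "",
              "privacy": bool(cap) and "Privacy" in cap.group(1).split()}
        # RSN element = WPA2 or later, WPA element = original WPA, WPS = WPS on.
        for key in ("rsn", "wpa", "wps"):
            ap[key] = bool(re.search(rf"(?m)^[ \t]*{key.upper()}:", block))
        aps.append(ap)
    return aps

def audit(ap):
    """Findings for one access point, following the router advice above."""
    if not ap["privacy"]:
        enc = "no encryption"
    elif not (ap["rsn"] or ap["wpa"]):
        enc = "WEP encryption"  # inferred: Privacy bit set, no WPA/RSN element
    else:
        enc = None if ap["rsn"] else "WPA only, not WPA2"
    checks = [enc,
              "WPS enabled" if ap["wps"] else None,
              "default-looking network name" if DEFAULT_SSID.match(ap["ssid"]) else None]
    return [c for c in checks if c]

def audit_network(text, ssid):
    """Audit every access point in the scan that broadcasts your own SSID."""
    return [f for ap in parse_scan(text) if ap["ssid"] == ssid for f in audit(ap)]
```

A MAC address filter does not appear in scan output, so that setting still has to be checked in the router's own administration page.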
Though it may not sound particularly thrilling, ensuring that the many forms of software that you use are up to date is vital for ensuring the security of your information. Whilst in the office these updates are likely taken care of by administrators, working from home does not mean this process can be ignored.
Not a day goes by where a new vulnerability or exploit isn't found, and though many of these software weak spots are found by well-intentioned security researchers, that is not to say that cybercriminals aren’t working around the clock to find new ways to scam and extort users.
Just like the operating system on your mobile device, the software on your PC or laptop requires attention. Most of the time you will be alerted to available updates and given the option to ‘update now’ or to delay the update.
If you’re in the middle of a piece of time-sensitive work, it is reasonable to delay an update, but by ignoring these updates for an extended period of time, you expose yourself, your devices and your information to vulnerabilities.
When working inside an office, devices rarely move around. Likewise, access to devices and accounts invariably requires passwords to be set. This is not the case at home.
The latest research suggests that around two thirds of respondents (68%) use personal devices when working from home, a statistic which should be a concern for organisations of all kinds. Though not necessarily less secure than a work device, a personal device can present a different set of risks.
For example, in many cases, personal devices are shared amongst a household. Ideally, any device being used for work purposes should be used for that purpose alone. If this is not possible, it should be ensured that any sensitive or confidential information is adequately protected, and additional guest accounts added.
It may sound overly protective, but consider the possibility of a child, for example, inadvertently clicking on a phishing email whilst logged onto your work account.
There are many things that you and employees can do to help ensure strong information security during this time of remote work and coronavirus. It is important that, going forwards, as remote work becomes more common, advice such as the above is adhered to, and that standards do not fall at a time when businesses face such levels of uncertainty.