Why Work from Home Can Pose a Threat to Your Security

Since the COVID-19 pandemic began, more and more companies have adopted remote work arrangements. While this comes with several advantages for companies and employees, it can also surface new security risks. Here’s why:

1. The home IT stack isn’t vetted by pros

In many remote work situations, employees may use their own hardware to do company work, either partially or entirely. The problem is that personal computers, hard drives, and other hardware haven’t been reviewed for safety and security, which could create more avenues for cyberattacks. The more pieces of personal and/or unvetted equipment you have connected to company business, the higher the risk.

2. The lines between work and home are blurred

When employees do their work in the same places and on the same equipment where they complete other activities, work and personal life are more likely to cross over. Streaming sites, gaming, entertainment, and other high-traffic apps and web interfaces tend to be more subject to malware and risk. In living their recreational digital life connected to work, employees might leave the door open for security risks to impact company connections.

3. 24/7 access vs 9-5 access

With flexible work locations often comes flexible work schedules. While this is often helpful from a human standpoint, it can complicate cybersecurity because monitoring users and programs is harder when there is constant access. That’s a lot more opportunity for threats around the clock.

4. Other people in the “work” environment

When most employees work from home, you never know when an unauthorized user could pop onto a family computer or other piece of equipment where company work is done and accidentally, or intentionally, cause issues. These factors are extremely difficult to manage from an IT perspective. The risk of human error is far greater when work is done at home.

What can you do?

The first step is to know the risks. The second step is to address them. Certain risk factors such as simple human error, can’t be completely prevented, but other factors can:

• Update (or implement) the company cybersecurity training and compliance program to include additional measures, such as specifically stating that work is only authorized on vetted company hardware. Require employees to sign off on the mandate to encourage accountability.
• Monitor devices connected to the company VPN as a double-check to ensure unauthorized devices are not connected to the network.
• Implement a company-wide password vault platform, web browsing and application monitoring solution, and require multi-factor authentication where possible.

Security is a multi-faceted issue encompassing hardware, software, and actual humans. Reducing risk is a matter of finding solutions across this spectrum, staying alert, and remaining vigilant regardless of where and how we work. As we become more used to working remotely, adapt the guardrails and systems that govern cybersecurity protocols to better secure the remote work environment. For now, the steps mentioned above are a great first step.