The Many Dangers Of WFH

Uploaded on 2021-10-13 in TECHNOLOGY--Resilience, FREE TO VIEW

As organisations prepare for what life looks like in a post-pandemic world, one of the many issues they’ll have to address is IT security for home workers. According to the Velocity Smart Tech 2021 Report 70% of remote workers said they had experienced IT problems during the pandemic, and 54% had to wait up to three hours for the issue to be resolved.

While employees in this new remote work situation will be trying to stay connected with colleagues using chat applications, shared documents and through conference calls instead of physical meetings, many are probably not vigilant enough of the risk of cyber attacks.

A remote workforce comes with myriad dangers, with employees relying on their home networks, and sometimes their own devices, to complete tasks. Employers can only hope their people have technical skills, because should they experience any technical issues, there’s not much their IT team can do to help.

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently released a draft of its “Zero Trust Maturity Model” as US agencies are asked to reach a basic zero trust maturity level by the end of fiscal 2024.

A report in the USA highlighted that during the pandemic, remote workers had caused a security breach in as many as 20 per cent of businesses and while companies may feel they have all the necessary protections in place in their offices, with a new hybrid way of working which involves staff working partially or completely from home, client security could easily be compromised. 

One British cyber security service provider, Hicomply, is warning that not taking the right precautions for home working could lead to serious business disasters. Hicomply has created a SaaS (software as a service) platform used across a range of industries to manage information security. “If not done right, working from home introduces significant additional risks to business systems and critical information, with potentially disastrous consequences,” according to David Warren, Chief Operating Office at Hicomply.

Its not only the actual cost to a business but also customer confidence and  reputational damage that can be just as difficult to repair.

Some of the potential problems are around employees accessing sensitive or confidential information over poorly secured WiFi or VPN connections or using personal devices which may not have up-to-date software or anti virus protection. 

There is also the risk that visitors to the employee’s home may get sight of private information and possible security risks which could see devices being stolen. 

The Hicomply platform helps companies work towards ISO/IEC 27001 certification which can not only better place to them meet the criteria necessary to win lucrative contracts but can also help protect their valuable information.
“An ISO 27001 implementation can help manage risks associated with home working... Implementing technical measures such as secure log-on procedures, encryption and information back-up all help to protect information from unwanted access, theft and accidental loss.” said David Warren. 

This includes identifying business needs which in turn helps companies understand and justify the working at home risks, along with setting out the rules, roles and responsibilities for secure remote working. 

Working from home can bring significant benefits to an organisation and its employees but in order to reap those benefits, companies need to take the very real information security risks seriously. Hicomply recommend implementing an ISO 27001 Information Security Management System to help identify the main risks and priorities corrective action and give r employees a sense of responsibility for managing their organisation's security. 

Ensure your organisation provides cyber security awareness training, and keep IT resources well-staffed. Remote employees should have ready access to contact information for critical IT personnel to whom security incidents can be reported and who can assist with technical issues. 

Hicomply      ITGovernance:      I-HLS:      AdminControl:       MakeUK:       SHRM:

You Might Also Read: 

Cyber Security Resolutions (£):

 

« Russian Cyber Security Chief Charged
Ever Increasing Attacks On Maritime Ports & Systems »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Beta Systems Software

Beta Systems Software

Beta Systems automate IT-based business processes, control access rights, monitor processes, secure the network and optimize the infrastructure management of corporate IT.

BioCatch

BioCatch

BioCatch uses behavioral biometrics for fraud prevention and detection. Continuous authentication for web and mobile applications to prevent new account fraud.

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

TrustInSoft

TrustInSoft

TrustInSoft develops solutions that validate mission-critical software and eliminate attack vectors.

UltraSoC Technologies

UltraSoC Technologies

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

Trianz

Trianz

Trianz Cybersecurity Services are Powered by One of the World’s Largest Databases on Digital Transformation. We Understand Evolving Risks, Technologies and Best Practices.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.

Redington Group

Redington Group

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

CovertSwarm

CovertSwarm

Since 2020 CovertSwarm have been radically redefining how enterprise security risks are discovered. We outpace the cyber threats faced by our clients using a constant cyber attack methodology.