Back in the day, that is to say, in the pre-pandemic era, remote work was an interesting perk in some professions. Then s…t happened and the whole globe had to catch on really fast.
Today, in 2021, 16% of the global companies are 100% remote! Regular work from home has grown by 216% since 2005. As a leading economy, the US is a benchmark, where 1 in every 4 Americans is working from home today! 5.7 million or 4.6% of the workforce in the US are working from home in 2021. By 2025 remote workers in the US will number 35 million!
Clearly, there is something more happening here, than just a pandemic. The Global Workplace Analytics research points that there are a number of reasons why this is happening:
- Employers have found out that remote work saves up to 11% on their spending per employee;
- Employees have found out that they achieve a better work/life balance, save money and time for transport, and earn more – average pay increase is about USD 4000 per year, compared with the in-the-office workers.
Work from home is here to stay – both in the US and Australia … and globally, for that matter. Australians are working more from home than they were before the pandemic and this trend is expected to continue by the Australian Bureau of Statistics (ABS):
- 56% of the work done can be handled remotely;
- 62% of employees say that they would like to work from home;
- 35% of employees say that they are willing to change jobs in search of work from home;
- 75% of Australian employees say that they are as productive or more productive when working from home.
Sadly, work from home is not only a positive thing. Here are a few of the down-sides of working from home:
- The trouble with shutting down after work hours;
- Loneliness becomes common;
- Difficulty in communication and collaboration becomes an issue;
- … and yes, cybersecurity breaches have become common.
Help with the work/life balance, loneliness, and communication will be handled by other experts. What we can help with is the latter – cybersecurity risks, identifying them, and mitigating them, before any harm is done. Many ask, how do I become a CISO? There are many courses that give you the tools to be a cybersecurity professional.
Just when enterprises thought that they have IT security all covered and fire-walled, working from home became a boom. This, of course, created an all-new tsunami of possible security breaches, risks, and often – events.
For any of the enterprises, who are willing to ride the wave and be part of the work-from-home trend, it is important that a Remote Work Security Policy be developed and in place. This Policy needs to identify potential cyber risks and suggest ways to mitigate them. Here are a few of the necessary issues which such Policies must have and some suggestions for their mitigation:
- Use Expert Services For Risk Assessment
Enterprises need to understand that it is difficult for them to analyse themselves. External services are best in this case, both as employing better experts and being up to date with popular threats and remedies. Outsourced cyber risk assessment is not an expensive endeavor – an IT support company from Brisbane offers such starting at AUD 1440.
- Get The Proper Hardware And Software
The first days of the pandemic were hectic. Employees were dusting old home computers and logging in to the enterprise system. Others were installing new WiFi networks around their home. Others were buying totally new configurations or taking their office PC home. This is a recipe for disaster. This bunch, although good-willed, lacked proper virus protection, fire-walling, and adherence to company regulations and policies. Working from home shouldn’t mean that employees can build and configure their own systems and devices.
- Every Entry (Or End) Device (Laptop, PC, Router, Server, Phone, Tablet, …) To The Enterprise System Needs To Be Secured, As Breach Of The Security, May Be Achieved Through Any Of Them.
Working from home was wind in the sail for many collaboration and communication software. However, this is a double-edged sword. If the enterprise database is accessed remotely or is cloud-based cyber risk is at hand. This is even more true if workers are using their home devices to access corporate data. Mitigation of this issue is the reconstruction of enterprise firewalls and bringing in a multi-factor authentication system.
- Phishing Emails Increased 600% In Just The Past Year. Phishing Emails were A Popular Cyber-Crime Before The Pandemic, But With The Pandemic And Remote Workers, They Received Their Boost.
The mitigation of phishing risks is more in the hands of the remote worker. Here are a few simple, yet effective steps for employee phishing risk prevention:
- Look at the sender’s domain. Should it be a public domain, like @google.com or similar – immediately erase the message, prior to opening it? The reasoning is that no company, worth its salt, will send emails through public domains;
- Again look at the sender’s domain and scan for any misspelling, say @worltbank.com. Erase prior to opening. The scammer is pushing for an optical illusion.
- Examine the spelling of the mail. Phishing emails usually (not always) will be misspelled aiming at the most credulous of employees. Remember – it will make the mistake of only one employee to allow access of the criminal to the enterprise system;
- Examine the grammar of the mail. Scammers are usually from non-English-speaking countries and have poor English skills. Use this to your advantage;
- Examine the formatting of the emails, prior to opening them. Phishing emails tend to be poorly formatted if at all;
- The message contains attachments (.exe files are the worst, but .pdf-s can hurt too) or require you to follow a link for some reason. Do not do it, irrespective of how lucrative the offer is;
- Examine the tone of the message within the email. Look for a tone of urgency, such as “immediately”, “once in a lifetime …”, “time is running out”, etc. The only reason the phisher is pushing it is to get the target to panic. We tend to do silly things then.
Key Take-Away:
- Get professional external help – chose from a wide variety of IT services in Brisbane
- Make the cyber risk audit
- Update (or write) your cybersecurity policy
- Review the hardware
- Train your staff
… and stay safe!