The Many Dangers Of WFH

As organisations prepare for what life looks like in a post-pandemic world, one of the many issues they’ll have to address is IT security for home workers. According to the Velocity Smart Tech 2021 Report 70% of remote workers said they had experienced IT problems during the pandemic, and 54% had to wait up to three hours for the issue to be resolved.

While employees in this new remote work situation will be trying to stay connected with colleagues using chat applications, shared documents and through conference calls instead of physical meetings, many are probably not vigilant enough of the risk of cyber attacks.

A remote workforce comes with myriad dangers, with employees relying on their home networks, and sometimes their own devices, to complete tasks. Employers can only hope their people have technical skills, because should they experience any technical issues, there’s not much their IT team can do to help.

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently released a draft of its “Zero Trust Maturity Model” as US agencies are asked to reach a basic zero trust maturity level by the end of fiscal 2024.

A report in the USA highlighted that during the pandemic, remote workers had caused a security breach in as many as 20 per cent of businesses and while companies may feel they have all the necessary protections in place in their offices, with a new hybrid way of working which involves staff working partially or completely from home, client security could easily be compromised. 

One British cyber security service provider, Hicomply, is warning that not taking the right precautions for home working could lead to serious business disasters. Hicomply has created a SaaS (software as a service) platform used across a range of industries to manage information security. “If not done right, working from home introduces significant additional risks to business systems and critical information, with potentially disastrous consequences,” according to David Warren, Chief Operating Office at Hicomply.

Its not only the actual cost to a business but also customer confidence and  reputational damage that can be just as difficult to repair.

Some of the potential problems are around employees accessing sensitive or confidential information over poorly secured WiFi or VPN connections or using personal devices which may not have up-to-date software or anti virus protection. 

There is also the risk that visitors to the employee’s home may get sight of private information and possible security risks which could see devices being stolen. 

The Hicomply platform helps companies work towards ISO/IEC 27001 certification which can not only better place to them meet the criteria necessary to win lucrative contracts but can also help protect their valuable information.
“An ISO 27001 implementation can help manage risks associated with home working... Implementing technical measures such as secure log-on procedures, encryption and information back-up all help to protect information from unwanted access, theft and accidental loss.” said David Warren. 

This includes identifying business needs which in turn helps companies understand and justify the working at home risks, along with setting out the rules, roles and responsibilities for secure remote working. 

Working from home can bring significant benefits to an organisation and its employees but in order to reap those benefits, companies need to take the very real information security risks seriously. Hicomply recommend implementing an ISO 27001 Information Security Management System to help identify the main risks and priorities corrective action and give r employees a sense of responsibility for managing their organisation's security. 

Ensure your organisation provides cyber security awareness training, and keep IT resources well-staffed. Remote employees should have ready access to contact information for critical IT personnel to whom security incidents can be reported and who can assist with technical issues. 

Hicomply      ITGovernance:      I-HLS:      AdminControl:       MakeUK:       SHRM:

You Might Also Read: 

Cyber Security Resolutions (£):

 

« Russian Cyber Security Chief Charged
Ever Increasing Attacks On Maritime Ports & Systems »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Muninn

Muninn

At Muninn (aka Wehowsky), we specialize in mitigating potential risks within your network, providing one of the leading network detection and response (NDR) solutions on the market.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

AlertFusion

AlertFusion

AlertFusion is a platform that makes security operations more effective. It complements existing tools and technologies, unifies operations, enhances process maturity and drives efficiencies.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Comparitech

Comparitech

Comparitech strives to promote cyber security and privacy for all. We are committed to providing detailed information to help our readers become more cyber secure and cyber aware.

CYDEF

CYDEF

CYDEF provides comprehensive, state-of-the-art cybersecurity protection that is accessible and affordable to organizations of any size.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

AI Security Institute (AISI)

AI Security Institute (AISI)

The AI Security Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.

NetSentries Technologies

NetSentries Technologies

NetSentries provide smart cybersecurity solutions and services to protect Governments, Enterprise and Individuals from threats through a comprehensive range of protocols, products and services.

SITE Intelligence Group

SITE Intelligence Group

For over two decades, SITE Intelligence Group has provided customers with critical actionable intelligence and analysis on terrorist and violent extremist online networks.