Amer Owaida, Security Writer at ESET discusses that despite a big chunk of the workforce moved to work from home environment and started using their own personal laptops, but still many of them didn’t receive any new security training or tools from their employer to properly secure the devices.
With the COVID-19 pandemic surging around the world, many companies have had to switch to a work-from-home policy to keep their employees safe. The rush to remote work didn’t come without risks; an IBM survey found that newly-minted remote workers actually present a significant cybersecurity risk – however, they may not be to blame.
Surveying more than 2,000 United States-based employees newly working from home, IBM found that even though eight in ten respondents were confident in their company’s ability to handle cyberthreats stemming from remote work, nearly half didn’t receive any additional cybersecurity training since going remote.
That’s a worrying state of affairs, since underestimating proper cybersecurity training for employees can eventually backfire. ESET Chief Security Evangelist Tony Anscombe described the problem succinctly in his article on the COVID-19-powered shift to remote work: “Don’t assume that all employees can switch to remote working effectively and with little assistance or guidance. Home is not the office and they may need significant assistance to adapt.”
The switch has also impacted the way companies go about conducting their daily activities, including meetings. “The rapid shift to working from home has also changed the ways many organizations do business from moving face-to-face meetings to video conferencing calls to adding new collaboration tools—yet the survey showed many employees are lacking guidance, direction, and policies,” said IBM in a press release.
Over half of the respondents said they participate in one to five videoconference calls per week, with an additional 20% saying that they participate in six to ten such meetings per week. Yet over half of them said that their employer did not introduce or were unsure of new cybersecurity policies around videoconferencing.
While conducting meetings over videoconference calls adheres to social distancing rules and keeps everyone safe, from the virus at least, there should be policies and rules in place to keep the calls safe as well. Topics discussed over conference calls may vary and can include a whole range of confidential information and may even necessitate file transfers, so you want to avoid intruders from getting unauthorized access. Therefore, there are several things you should consider before hopping on a conference call, including making sure that no sensitive information visible on camera and that your call is secured by a password and, ideally, end-to-end encrypted. You can read up on all our recommendations on secure videoconferencing while working from home.
Since we’ve already mentioned encryption, we’d be remiss in omitting another important step towards keeping your work data secure – a virtual private network (VPN). It allows you to encrypt your internet traffic and provides you with access to data you would be only able to access on your company’s network. Most companies usually set up the connection between the main office and your remote workspace through their IT department, however if your company doesn’t have an IT department, you can do it yourself and it is worth the added sense of security.
Although IBM’s survey may call into question the approach companies take to working-from-home cybersecurity practices, it is worth noting that everything had to be done on the fly, since nobody could have planned for the pandemic. Although that is no excuse, companies can patch up the holes in their security by arranging for proper security training for their employees, providing secure remote access, as well as adding an extra layer of security using multi-factor authentication.