Work Anywhere Research shows IT security change needed in wake of COVID-19 work-from-home move A new report shows the rapid shift to working from home has left corporate security in the lurch and recommends ways to improve support and security.
Author Susi O'Neill Art byCharles Deluvio Published on May 14, 2020 minute read Share article Show more Show less Art byCharles Deluvio Share article Show more Show less For those fortunate enough to be in work, COVID-19 has changed working life. Social distancing means many usually based in an office now work from home. It certainly has its benefits. Cybersecurity needs for remote workers are also changing, as cybercriminals adapt to new opportunities for compromise. For example, they’re taking advantage of heightened interest in news about COVID-19 and changes in habits. We’ve seen an increase in phishing attacks, like COVID-19 advice emails from hackers pretending to be healthcare organizations. The Kaspersky team dived deeper to find out how this is affecting employees. The report How COVID-19 changed the way people work came out of interviewing more than 6,000 people in 12 countries. It found many businesses ill-equipped many to face homeworking security challenges. These are some of the report’s highlights. Personal use of work equipment causes blushes A good way for hackers to access your corporate network right now is when employees use corporate equipment for personal tasks. Or when they use corporate networks through unsecured or poorly secured personal devices. More than one in two respondents have corporate equipment to work from home, but two-thirds said they use personal computers. That means IT and data security teams may have less visibility about corporate data use. It’s particularly concerning, because 84 percent of those using personal computers for work also let others in their household use those same computers. It’s no problem as we’re all using anti-virus software, right? Good work, the one in three employers who’ve provided homeworkers with anti-virus software for their personal devices. For those that haven’t, devices, and so corporate data, could be easily hacked. What you do on your device could lead to more blushes. One in three respondents admitted to visiting adult websites on personal computers they use for work. Cybercriminals use porn as a hook to seduce victims, then steal bank card details or trick the victim into installing malware. That’s one way to get a red face and a red bank balance. Fridges can eat corporate data How employees connect to your network is critical. Cybercriminals love the remote desktop software companies have been installing to let employees access internal systems. Since the beginning of March 2020, there’s been a sharp rise in attacks on ports open for Microsoft’s popular remote desktop protocol tool, RDP. When connecting remotely to the corporate network from home, employees don’t think about what else is linked to their home router. It might be a smart fridge or vacuum cleaner that’s smarter than it lets on, thanks to internet of things security vulnerabilities. The home router may also be poorly protected or already compromised. A virtual private network (VPN) can solve both problems. With a VPN, work machines communicate with the corporate network over a secure channel. Direct connections are blocked. But the report found only one in two employees use a VPN. Homeworking isn’t home comforts for all There’s good evidence to support the benefits of flexible and homeworking, but the sudden transition hasn’t suited everyone. One in two respondents hadn’t worked from home before. One in three say their situation is now less comfortable or they don’t have enough space. One in four respondents don’t have a separate workspace at home. This could lead to discomfort, using bar stools or slouched on a sofa to work with a laptop. With nine in ten respondents living with others, there can be strains from life with new ‘co-workers.’ One in three parents have had arguments with their children over internet use and find it hard to control how their kids use the internet, on top of the challenges of home-schooling and juggling childcare with work. Despite these problems, three in ten still think they’re more productive working at home. Four in ten say they’re equally productive. How can you improve your work-from-home life? The report proposes ways of addressing the more common work-from-home frustrations. Alena Reva, Kaspersky’s Vice President of Human Resources, North America, points to existing knowledge of what works: “Studies of groups working in Antarctica show that eventually, our brains turn on ‘psychological hibernation’ to cope with stress. If that’s happening to you, maybe ask for time off and have a week of self-care: Get sunlight, talk to friends and family, and read your favorite books.” For those with children at home, Alena recommends revisiting routines. “I have an autistic eight-year-old at home who can barely tolerate any changes. Most kids thrive on structure, so you need to create one that works for your household. If you and your partner have to work, a schedule can help. “Try the Pomodoro Technique. Here, the first partner works for 25 minutes then takes a five-minute break, while the second partner watches the kids. Then switch. Research shows 25-minute intervals are best for productivity – it creates just enough urgency to eliminate distractions so you can concentrate. And most kids can focus for 25 minutes.” Mental health when working from home presents particular challenges, especially for managers looking out for their team’s wellbeing. Two leading workplace psychologists say there are things we can do to help ourselves and our colleagues stay mentally well. How can you help your employees be more secure? Human behavior causes most corporate data breaches, so raising employee cyber awareness is one of the best ways to take action against cybercrime. Leaders should be thinking about how to deliver cybersecurity training in effective ways for homeworkers. For better engagement in the learning material and more bang for their time, use adaptive learning, meaning, learning that assesses and adapts to each person’s level of knowledge, skill and confidence. ‘Stay safe, stay secure’ is an ideal, free course for employees new to remote working. It covers things like choosing strong passwords, the importance of endpoint protection and regular software updates in just 30 minutes. If you’re an IT manager, you’ll want to set your business up for security success. Make sure you know the biggest cybersecurity pitfalls with remote workers and what you can do. Homeworking, while necessary right now, should be part of a cultural shift to digital transformation. It’s time to set the path for the cultural change to make secure homeworking a success. This article was published in May, 2020.