In a landscape where working from home is the new norm, we see some of the highest increases in risk that we’ve ever faced.  Can companies meet their privacy and cybersecurity commitments now that their people are offsite? How we manage and protect the information that our clients, customers, and employees entrust to us is more critical than ever. 

What are the top threats to our work-from-home environment?   

Unsecured Home Networks – Most of the at-home workforce doesn’t have the knowledge or skill sets to install managed networking equipment. Nor do they have the means to purchase and maintain such devices. And, this isn’t something that employers often provide. So, that leaves remote workers vulnerable to attacks. I know for a fact, that my neighbors who work from home, have not even taken the time to change device names and passwords since the day they were installed by the local cable company.  

Attacks on unsecured networks were fairly uncommon in the past because most people worked from behind the defenses of their organization’s infrastructure. Now, these types of attacks are on the rise because often, attackers can enter networks remotely with little effort gaining access to every device connected to home modems and routers.  

If you search the web for instructions on how to hack home networks, you’ll find that not only is it easy, but there are hundreds of step-by-step tutorials on how to do it. 

Losing Sight of Security Concerns – As we’ve shifted to home offices, kitchen counters, and living room workplaces, we’ve lost sight of the importance of security. We leave our laptops logged-in on the desk or countertop. We stop thinking about how important it is to lock our screens or shut down at the end of the day. Sometimes, we have to, or chose to, work from the local coffee shop where prying eyes and ears are waiting to take advantage. Social engineering* and opportunity breaches will continue to increase as access to critical information becomes more easily available in these types of settings. 

Making yourself aware of Social Engineering and how to prevent it, is more critical than ever.  

Increased Use of Personal Devices – Personal devices continue to be the easiest way for someone to get their hands on private data. As more people work from home, we’ve seen an increase in personal devices being used for work. The mobile application warehouse has expanded so much in the past few years that it’s likely that you, and everyone you know, uses personal devices to manage their work. And our personal devices don’t implement the same level of security that our work devices require. 

The ways that mobile devices can be hacked is growing right along with the technology that makes them easy to use. The more “mobile” you are, the more susceptible you become. The best line of defense for these hacks, is knowledge. Get familiar with what the bad guys are up to and learn how to prevent them from getting into your devices. 

Increased Use of Online Tools – We aren’t using meeting rooms anymore, and as I look up from my computer, I see exactly three other people occupying the hoteling cubes around me. That’s why tools like Zoom, Teams, Hangouts, and others, are so critical to the new way of managing business. We also need a way to transfer information to one another which is why there’s been a shift to Office 365, Google Docs, and other solutions for documentation creation and storage. The more we use these online tools, the more susceptible we are to hacks. 

These file-sharing solutions are much more enticing to hackers as there is the added bonus of snagging your business documents. And, to the hacker’s delight, we sometimes neglect to log out of our browsers when stopping for the day. This can open up access to your organization’s information, even when logged in over a VPN connection. 

Again, the best defense is knowledge. Being aware of what the risks are, and how to prevent them, can significantly improve your security. 

Unencrypted File Sharing – I get it, it’s a pain to add any type of encryption or passwords to the files we share. I continually hear complaints about how much the added level of security impedes performance. But think about the information that a file contains. The data points stored in a single file might shock you. When you don’t secure files properly those data points are out there for everyone to see. And, maybe to use against you. 

Taking that little bit of extra time to add a level of security, might not seem worth it… until you get hacked. 

Become Educated

In the past 18 months, Gallop, Forbes and the U.S. Census Bureau have all reported remote work increasing, even as the effects of the pandemic have eased. Working from home is here to stay, which means securing our information is no longer just in the hands of employers. Working from home means that workers must take on some of that responsibility, become educated, and apply that knowledge. Knowing the security risks you’re up against and taking action can alleviate and in some cases eliminate the risks. 

Written: February 2023