How do we make home working secure?

8th of June 2021
How do we make home working secure?

The Covid vaccines rollout gives us hope for a strong global economic recovery following the pandemic … but will do nothing to rid the world of another toxic menace that has fed on people’s fears over the past year, writes Hartley Milner.

Fraudsters will have rubbed their hands with greedy anticipation when the world locked down early in 2020. Millions of people suddenly found themselves working from home without the levels of security provided in their workplaces, leaving them vulnerable to a raft of elaborate scams devised to exploit the health crisis on an industrial scale.

Covid-related frauds that emerged almost overnight included social media platforms and fraudulent websites advertising PPE products, phoney charity appeals for money to develop Covid drugs and fake email and text alerts purporting to be from public health authorities but actually containing malicious software. Among the most insidious were phishing emails designed to trick people into clicking on links that download malware providing access to an organisation’s IT systems.

Global policing agency Interpol reported recently that “significant volumes” of phishing scams were detected by around two-thirds of its member countries. There is also a vast amount of fake news and misinformation in circulation about the virus or casting doubt on the effectiveness of the vaccines.

Ransomware attacks, in which users have to pay large sums to get their computer working again, are also on the rise. From January to April last year, some 907,000 spam messages, 737 incidents involving malware and 48,000 malicious URLs – all related to Covid-19 – were detected by one of Interpol’s private sector partners.

“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by Covid-19,” said Interpol secretary-general Jürgen Stock. “The increased online dependency for people around the world is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date.”

Scams and cyber attacks have risen to record levels in almost every country over the months of the pandemic. The cost to the global economy is predicted to exceed $6 trillion annually by the end of 2021, up from $3 trillion in 2015, and rise to $10.5 trillion each year by 2025.

Not safe enough

While Coronavirus is in retreat across much of the world, its impact on the way we work will likely be long lasting. Surveys show that the majority of people who have worked from home during the lockdowns wish to continue doing so after the pandemic, at least for part of the time.

Homeworkers report having happier family lives, feeling less stressed not having long daily commutes and say they are spending less and are more productive. However, many complain that not enough is being done to keep them safe from attack when online.

Employers are also increasingly coming round to accepting that remote working is here to stay, seeing significant cost savings for their organisations. In the UK, a poll of 350 employers across the private and public sector reveals that 85 per cent expect up to half of their employees to continue working from home over the next year. A quarter of employers say they will be looking to downsize their office space as a result. Almost all (97 per cent) agree that homeworking environments will need to be adapted if the trend is to be sustainable in the long term … including making them more cyber secure.

Transformation required

“While many organisations were able to navigate the short-term technology challenges posed by the rapid increase in homeworking, further transformation is required for it to be effective in the long-term,” said Richard Beeston, product director at secure IT services provider DCS that commissioned the report.

“To date, many homeworkers have simply ‘got by’ using their existing Internet connectivity, but this does pose both ongoing performance and cybersecurity challenges for many organisations. As homeworking models mature, we would expect to see increased investments in connectivity and security as remote access to systems, applications and data becomes the norm.”

Ensuring the safety of his staff was Martin’s first concern as head of communications for a pan-European prestige car dealership. Martin, who for security reasons asked ECJ to not use his full name or name his employer, had less than three weeks to prepare his team for working from home in early 2020.

Martin said: “It turned out to be a formidable logistical challenge, not least because as well as transitioning my communications staff I was also being expected to move the rapid-response engineers to remote working, and then manage the service they provide to customers. Not being my department, I didn’t have a clue about the IT systems and procedures the engineers depended on to perform their tasks, so I had a lot to learn, and I had to learn fast. I decided to look first at the common, basic provisions I would need to make to ensure both groups of workers were able to work happily from home. My priority concern was for the mental and physical wellbeing of everyone and keeping them motivated during a period of huge disruption, and a big part of this would be to ensure they felt safe and secure.

“At the same time, I had to ensure that the company’s own security would not be compromised by the move to homeworking. Fortunately, I was able to access an IT consultancy that had experience of delivering remote systems. They advised about the devices that could be used at home with minimal dependency on the company’s critical IT systems, so reducing their exposure to hacking. This included setting up a VPN (virtual private network) so that where a dependency was unavoidable the remote computers had secure and encrypted connections with the firm’s servers and homeworkers’ networked devices.

“Our people would not be allowed to use their own desktop computers, laptops, iPads and smartphones for company business because there was no guarantee they could be used securely. Employees could inadvertently expose company data to risk through their use of personal devices, and it was likely they would not be the only ones with access to them. So we provided equipment that had been purged of vulnerabilities and then made as secure as possible with up-to-date firewalls, antivirus software, anti-malware and other essential security protocols.”

Employees’ responsibility

Martin said employees then needed to be reminded that it was their responsibility to stay safe at home. “I read somewhere that 95 per cent of cyber security breaches were due to human error, so scam and fraud awareness training was crucial,” he said. “During our weekly Zoom sessions, I have always banged on about the risks of working remotely and how they can be minimised, including when using unsecured public Wi-Fi on the occasions they are away from home. I regularly update the teams on emerging scams and ask them to log and report all suspicious emails and texts.”

Martin said he receives reports of suspicious activity from his teams most days, but any malicious software that may have been inadvertently uploaded onto a device has always been neutralised by the firewalls. But he added: “We know we dare not drop our guard with scammers becoming evermore stealthy and probing.”

Homeworking will represent a weak link in a company’s cyber defences for some time to come, according to UK online security consultant Stan Ogilvy. “For businesses, their employees’ safety at work is a top priority, which is why they invest a large portion of their annual budget into protecting their premises from cyber incursions,” he said. “But securing a premises where everyone is working under one roof is a far less challenging proposition than keeping hundreds of people secure when they are scattered across many different locations.

Sophisticated security

“At the moment, it is simply too complex and expensive to make employees’ homes as secure as they really need to be. It is true, security systems and protocols are becoming more sophisticated, especially so over the past 12 months or so, but then so is the cybercriminals’ expertise in breaching them. And it has to be said that homeworkers may not always be as diligent as they could be in following security precautions when working from home.”

Ogilvy suggested speeding up the rollout of remote working hubs that provide a halfway house between working entirely from home and commuting daily to the office. He said the hubs are kitted out with desks and ICT services, super-fast broadband, cloud-based software providing secure isolated connections and resilient encryption networks that deliver “corporation-grade” security.

“As part of a mixed-use policy for buildings left permanently empty by the pandemic, the hubs could play an important role in helping to rejuvenate local communities and high streets. Being able to walk, cycle or even run to work promotes a healthier workforce, and a reduced dependency on transport could help countries achieve their CO2 reduction targets. The issue now is not whether hybrid working has a future post-Covid but how to make it secure.”

 

Our Partners

  • Interclean
  • EFCI
  • EU-nited