When it comes to cyber security, there is little room for error. Those who fail to protect their devices effectively can be in for a nasty surprise. With more and more people working from home instead of the office, hackers are more active in exploiting the security weaknesses of home workers. This while employees are hardly aware of such hacks, attacks, and dangers.
It is in the interest of the organization and the employee that everyone who works from home is aware of the many methods used by hackers to gain access to their computers and (business) systems. To increase this awareness, companies can opt for cyber security awareness training.
1. Cyber risks when working from home
What risks do employees and organisations run when they work from home? Below, we have listed a few risks that working from home entails from a cyber security perspective:
1.1 Poor security
Your remote workers are an interesting and vulnerable target group. After all, company data can be accessed remotely and the security of employees’ devices when working from home is often not optimal. When employees do not adhere to cybersecurity best practices, hackers and cybercriminals can gain unwanted access to your corporate network and sensitive data.
Your employees will have less contact with each other, increasing the likelihood of a successful phishing attack.
1.2 Passwords
Weak passwords
Even if your organisation uses VPNs, firewalls, and other cyber security measures to protect the network, human error remains a significant underlying problem for data breaches. When employees use weak passwords to secure their accounts, they give hackers easy access to their system and, in turn, your company’s systems and data.
Repeating Passwords
Hackers use another common but dangerous practice: repeatedly using a password. After obtaining the password for one account, hackers will use the same password to gain access to several accounts. They do so because many people tend to use the same password for different applications. Employees who use the same password for both personal and professional accounts are at greater risk.
1.3 WiFi
While most companies are concerned about the security of their remote workers’ laptops, few think about how their employees’ Wi-Fi networks can act as a gateway for hackers to access their company’s important data.
While many people are aware of the need to update their smartphone or anti-virus software, they often ignore changes to the software on their home network. Routers that have not been updated will, like other devices such as your smartphone, have security holes that could lead to data breach problems in the future.
1.4 Personal devices
Employees who work from home rarely take their entire workplace with them. Doing business remotely can involve the use of personal devices such as computers, phones, and home printers.
While printers may seem to make life easier, they can have security holes. And hackers are eager to use them to get access to the data stored on them. When remote workers print company documents on their own printers, this can also pose a security problem.
As you can imagine, personal smartphones and computers, for example, are generally more at risk than corporate devices that do not leave their physical location. For example, your employee may regularly connect his phone to an open Wi-Fi network in a cafe, or download unauthorized games (or software).
So although it seems to be increasingly normal for employees to work from home, this is certainly not without risks. These risks are often underestimated by companies.
Are you at risk?
It is very common that people do not see themselves as a potential target for a hacker. However, hackers scour the Internet and websites like Linkedin to collect personal data from potential targets. In combination with data from social media websites, it is possible to set up successful spear-phishing campaigns.
Access to the user’s system can therefore also mean access to the company’s system. As a company, be aware of the risks of working from home. It is therefore crucial to offer security training to your employees. Train your employees on cyber security awareness and combine this with phishing simulations if necessary.