3 Security Threats to Your Work from Home Environment, And What You Can Do About Them

Updated 06/23/2021


What do a barking dog, crying infant, and hungry teenager all have in common? They all show up unexpectedly during video conference meetings.

Our new collective work from home (WFH) environment includes a multitude of distractions, forcing us to make creative adjustments. For example, taking video conferences in your children’s bedrooms because the lighting is better, apologizing in advance for the dog who barks only when it’s your turn to speak, and frantically waving your teenager away when she comes into the room with an egg and a pan and whispers, “What do I do with this?”

These distractions and adjustments are not only anxiety-producing; they also strain an already fragile WFH ecosystem.

In the rush to get employees home, most organizations prioritized setting up their employees to work but didn’t have time to address potential threats to the security of their business and data.

Below are three common threats to your new WFH environment and actionable steps you can take to mitigate them.

  1. Employees emailing documents to themselves or carrying company data on USB drives. While you probably had plenty of bandwidth at the office for your workers to quickly access files and send emails, it’s likely that you don’t have enough bandwidth to withstand your entire workforce using a VPN to access the office environment. This lack of bandwidth slows worker productivity, forcing your employees to find other ways to get their work done, like emailing important files to their personal email accounts or putting company data on USB drives.

    “Work-arounds” like these put your data and company at risk. For example, if you must adhere to compliance standards or regulations like the California Consumer Privacy Act (CCPA), PCI-DSS, NIST 800-171, etc., these practices would put you out of compliance and you could be liable. Your employee could lose the USB drive or, lacking proper endpoint security, have their email account hacked and company data stolen.

    Do this instead: Call your internet provider and ask about upgrading your bandwidth, or try a temporary measure like using LogMeIn or GoToMyPC to create a direct link from your employees’ homes to their work computers. Also, update and/or reinforce your data handling policy and distribute it to your employees.

  2. Employees working on their personal computers and laptops. Not only is this a security issue, it may also be a legal and/or HR issue. On the security side, you have no idea what kind of endpoint security (anti-virus or anti-spam) they’re using. Nor do you have any way of knowing whether their operating system is updated and patched or, worse, whether they already have a malware infection!

    If, for example, they do have a malware infection and they VPN into the business, they could infect the entire network.

    Do this instead: Provide your employees with company issued laptops that you can manage remotely. You can certainly use certified refurbished computers as a more cost-effective option.

  3. Lack of structure: At the office, your employees are more likely to pay attention to security protocols because they are in a structured environment. At home, however, your employees will be more relaxed. Unless security policies and procedures are continually reinforced while employees work from home, they may make costly security mistakes.

    We’ve seen a rise in clever phishing attacks. COVID-19 and the remote work environment have created a ripe opportunity for bad actors to infiltrate your employees’ computers and/or deceive them into giving away company credentials.

    For example, imagine your employee is working diligently at home when an email arrives from an address she recognizes with a Dropbox attachment. Although the company doesn’t use Dropbox, she assumes that it’s a new application and opens the attachment. As a result, she unknowingly downloads malware. The bad actor now has access and visibility into her computer, YOUR customer data, and more.

    Do this instead: Provide your employees with security awareness training that includes phishing simulation exercises. In addition, have your HR department send out and review your security and data handling policies and procedures on a regular basis.

At Consilien we can help you procure and set up new laptops, help create a secure and resilient remote work environment, provide security awareness training, and/or help you update your policies and procedures.