The ongoing Corona crisis means that many employees are working from home. A beneficial model, which many companies would like to keep even after the problem. However, a few things to consider here: IT security remains a top priority, even when working from home, and the management bears the responsibility here. With this article, we will give you a helping hand, point out current threats to working from home, and give you tips on further increasing IT security when working from home.
Cyberattacks Are On The Rise.
Current studies and investigations paint a bleak picture of the current threat situation.
The number of cybercrime cases is increasing, while the clear-up rate is falling. The detailed evaluation “Cybercrime in times of the COVID-19 pandemic” shows that between March and August 2021, i.e., immediately after the start of the Corona crisis, several websites attracted attention because they offered information or advice on Corona emergency aid. The sites were often based on the presence of government agencies so that they looked real. The malware was caught by users who clicked on the buttons of these fake websites.
Email phishing with Corona emergency aid also gave cybercriminals high success rates: Apparently, the emails came from government agencies, so many users took action and opened the attachment. These computers were also infected with malware.
Minimize IT Risks In The Home Office
As a rule, cybercriminals target the weakest link in the chain: the homeworker. This means that people are and will remain the most significant safety factor, and concepts must be created that take this fact into account. Massive damage is often caused by tiny pests, which could have been avoided through careful handling. The following suggestions are efficient measures that can minimize IT risks in the home office:
- Equipment: Your employees* in the home office should receive standard equipment not to use home and privately operated devices. This standard equipment should not stop at software and systems. Every employee must have the necessary AV Suite security licenses to act preventively. Consider implementing a firewall to restrict external access. The BYOD trend (“bring your device”; further information in the article “BYOD: Trend with Opportunities – and Risks”) must be defined more closely or even ruled out by security guidelines.
- Internet: If you rely on cloud services, it is essential to protect them from unauthorized access. Using rights management, you can set up that each employee may only access the content they are working with. The assignment of secure passwords should also be part of your security policy. In addition, employees in the home office must be supported in securely setting up the WLAN and network.
- Behavior: Your employees need to know what they are doing. Explain in your guideline and ideally in awareness training how email applications can be used securely, how patches and updates should be handled, and how video conferences can be integrated into everyday life.
Increase IT Security In The Home Office
Two topics are of enormous importance because they ensure long-term IT security: On the one hand, the security guideline is intended to provide employees with help and information. On the other hand, the training of employees so that the knowledge gained can also be applied in practice. The first lockdown put many companies in the ugly position of reacting quickly. As a result, numerous home office employees were unprotected.
Many have already learned from these mistakes, and it has been possible to create a favorable investment climate for IT security. Overall, companies are now more aware, and the employees are also willing to go along with it. However, they need more training because security awareness is one of the most relevant factors for efficient IT security in the home office. With the following tips, you too can increase IT security in your home office:
- Develop a security policy: Your security policy contains dos and don’ts for your team. In addition to standards for (security) software and hardware (keyword BYOD, see above), rules of conduct are also defined here, for example, that updates and patches are installed promptly, ideally automatically.
- Security software: Every employee uses an endpoint security solution that is continuously updated on their device. Make sure your security software also has anti-phishing features. This not only protects your data but also significantly reduces security risks.
- Data backup: Your guideline should also include “Data backup.” Backups should be performed regularly at fixed intervals outside of the company network. A cloud server is just as valuable as an external hard drive – define this in your policy as well. If employees are attacked, the data can be quickly restored by backing up the data.
- Training: Train your employees regularly! As the threat landscape is growing, as we have seen, so must the knowledge to counter these threats. By the way: The progressive digitization resulting from COVID-19 means that training courses are also offered online. So you save on travel expenses, and your employees can learn from home.