Cyber crime – the risks of working from home
- Cyber criminals are switching tactics and exploiting COVID-19-related fears among the population. As a result, working from home is becoming a gateway to new forms of data theft.
- Poor technological infrastructure and inadequate cyber and data security are hampering the productivity of Swiss employees working from home – and represent a cyber risk to businesses.
- One quarter of all employees have noticed an increase in fraudulent emails, spam and phishing attempts in their corporate email since the beginning of the COVID-19 crisis.
- 26% of survey respondents report they are currently tempted to keep copies of valuable company data in case “the worst comes to the worst” (the company becomes insolvent or they lose their job).
- Companies need to prioritise preventive measures to address the loss of corporate data and intellectual property but also to tackle the risk of corporate fraud.
COVID-19 has brought about a change in criminal activity. While the pandemic may have reduced the threat of physical crime, e.g. home break-ins and pick-pocketing, targeted cyber crime is on the rise as criminals exploit widespread anxiety about COVID-19. Cyber criminals are adapting their tactics and are now targeting people in their homes, which in many cases is now their office too. As working from home becomes a gateway to new forms of data theft, companies face increased cyber risk. However, cyber criminals attempting to access corporate data, customer information and intellectual property are not the only threat to businesses – employees can also be a weak link in corporate IT security systems.
As the economy becomes increasingly digital, the growing cyber threat is outpacing most companies’ ability to manage it effectively. All types of data held – employees’ personal information, corporate data, customer information, intellectual property and key infrastructure – are at risk. Currently, it is still difficult to assess the long-term impact of the COVID-19 crisis, but it will certainly have given a significant boost to digitalisation in the corporate environment. However, at the same time, the cyber threat is accelerating, and the fact that large numbers of staff are now working from home presents new risks. We surveyed 1,500 Swiss residents of working age and asked what technological challenges they face as a result of working from home, how they judge cybersecurity, and how they themselves act in terms of security.
Technological pitfalls of working from home
Almost half of respondents (48%) report that they are working from home as a result of the COVID-19 crisis. Although 41% believe they are more productive when working from home compared to a traditional office setting, 25% consider themselves less productive. Employees working from home face a range of challenges, from missing interactions with colleagues and distractions by partners and family members, to problems with technical infrastructure and inadequate cyber and data security.
Back in March 2020, many governments around the world imposed lockdowns advising that anyone who could work from home should do so. Initially this sounded appealing to many employees – they thought they would be able to manage their time more effectively, have fewer interruptions, work in a more focused way, and save time by not commuting. However, reality rapidly set in as the first few video conferences or attempts to share data with project teams exposed shortcomings with their IT infrastructure.
If employees are to be able to work from home at the same pace and with the same efficiency as in the office, most will require the latest technology. This includes high-spec hardware (laptop, smartphone and printer), up-to-date software (video-conferencing tools and data management systems), and a reliable internet connection (fast broadband and secure access to the corporate network via VPN).
Since cyber and data security are equally important regardless of whether staff are working from home or in the office, employers are now putting in place a whole range of cyber and data security measures. This raises the question of how employees perceive these measures. On the positive side, 90% of survey respondents report that they are still able to work efficiently from home despite all the additional security controls (Chart 1). On the other hand, one in 10 complain that they are less productive as a result. Specific problems include access to data, a poor VPN connection, limited access to software tools that they have been using for years privately, and not being allowed to use their own printer.
Chart 1: The impact of cyber and data security measures on efficiency of working at home
Cybersecurity: further risks inside the company
Ensuring efficiency is, however, just one factor involved in IT security measures applied to staff working from home. Another factor is the need to prevent cyberattacks, and we wanted to know how employees working from home perceive their corporate cybersecurity posture.
For non-security experts, it is difficult to make an accurate assessment of the extent to which their employer’s measures are improving their IT security. Nevertheless, it is surprising that 14% of survey respondents are concerned about cyber and data security when working from home. Furthermore, 25% report an increase in fraudulent emails, phishing attempts and spam to their corporate email since the start of the COVID-19 crisis (see Chart 2), with this issue also attracting media coverage. It is unclear how many cyberattacks have gone unrecognised by employees, but a successful attack can cause unforeseen damage.
The survey findings confirm anecdotal evidence from businesses that this pandemic has triggered a change of tactics from cyber criminals who have followed employees to their new workplace – their home. Increasingly, cyber criminals are attempting to exploit weaknesses in remote IT security arrangements. Companies urgently need to adapt IT security measures for home workers and align them with the measures applicable to the physical office.
Chart 2: Trends in phishing emails and spam since the beginning of the COVID-19 crisis
The external enemy – cyber criminals – is only one of the threats about which security conscious companies should be worried. As this survey shows, companies also face threats from within their own ranks – internal employees.
The length of the lockdown and its economic impact mean that many employees are increasingly worried about their job security. Many are tempted to prepare in case “the worst comes to the worst” – that is, they lose their job or their company becomes insolvent. In fact, 26% of survey respondents report being tempted to make copies of important company data as a precaution. Storing internal company data against a worst-case scenario very clearly illustrates how crucial it is for companies to act to prevent the loss of corporate data, intellectual property and, more broadly, to tackle the risk of corporate fraud.
Options for companies
So, what measures can companies take to reduce these risks?
They include the following:
- Make staff aware of these issues, train them in managing sensitive data and remind them of the company’s code of conduct and related rules. Working from home introduces new cyber risks and employees need to be adequately trained in their responsibilities.
- Regularly check that the security measures taken to protect new and tactical IT solutions (including cloud-based solutions) are effective. Many solutions were rolled out under enormous time pressure at the beginning of the crisis, and IT staff now need to ensure the effectiveness of security controls.
- Step up security monitoring of both devices and users to enable companies to proactively identify and correct mistakes made by users in managing sensitive data.
- Assess capability and capacity to recover from catastrophic cyber attacks effectively, such as a widespread ransomware attack. This includes the capability to get the entire IT infrastructure back up and running as soon as possible after such an event.
- Validate the security effectiveness of your most important service providers, suppliers and sales partners. Weaknesses in the supply chain can cause major cyber and data breaches.
Only by taking these measures will companies be able to ensure that the exchange of data between their offices and those employees working from home is not only adequately protected, but that home office IT set-ups do not become a gateway to new forms of cyber crime. Here, as in other areas, trust is good, but verification is better.
About the survey
Figures in this article relate to a survey of 1,500 working-age people (16 to 64 years) resident in Switzerland looking at the impact of COVID-19. The survey was conducted online between 10 April and 15 April and is based on a representative sample of ages, genders and regions.