The rampant corona virus has a major impact on the way we all work, in addition to all the health effects. The at least temporary change to working from home, for example, provides a massive influx of collaboration tools and cloud services such as Microsoft Teams, Slack or Hangout. But when employees from the home office work, there are some pitfalls to keep in mind so that the security of the processed data is not compromised.
The most important things in a nutshell:
- The location-independent work offers new areas of attack for criminals; for example, almost half of all cyber threats are now cloud-based. Employers and IT departments also have significantly less control over the networks and devices used by users in the home office.
- Employers should take legal cover, e.g. by giving employees written confirmation that the data protection guidelines are also adhered to outside the regular workplace.
- It is also essential to raise awareness among all employees of the dangers that arise in relation to work from the home office.
The biggest dangers at work from the home office
The connectionsthrough which employees from the home office work are often not or insufficiently secured,the transferred data is potentially more threatened. For example, care should be taken to use virtual private networks (VPNs) to ensure a secure connection. The infrastructure for this can usually be provided centrally by the company IT.
Whether Office365, Google Drive or Box – as convenient as these web-based file sharing tools are; they also bring new dangers. For example, cloud security specialist Netskope found in a recent study that 44 of all malicious threats target the cloud. A cleanly mounted rights and access management is essential here, for example, in order to protect the sensitive company data.
The secure storage of end devices is much more difficult for companies outside the regular workplace to control because physical security in the home office cannot be centrally controlled. For example, it is necessary to ensure that only secure and virus-free USB sticks are used, that family members do not have access to the laptop (this would also be a violation of the GDPR!) and that the devices are stored locked when they are not used.
Legal protection for the employer
In addition to the organisational and logistical challenges, employers must also overcome legal issues with regard to a home office regulation. These can arise from the General Data Protection Regulation, from internal compliance requirements as well as from customer-specific agreements (e.g. assurance of technical-organizational measures).
Awareness of danger among employees
You can protect yourself from infection with a real virus by being isolated in the home office, not from digital viruses. Whether phishing emails, extortion software or fake websites: all dangers persist; or even increase. For example, current, emotional topics are particularly often involved in the fraud attempts (“Subject: Important information about infected colleagues” etc.) – the attackers do not know any taboos.
This makes it all the more important to raise employees’ awareness of such dangers and to provide you with concrete help on how to deal with them. For this purpose, we offer, for example, a special e-learning package that can be used immediately to sensitize employees during the changeover.
About SoSafe Cyber Security Awareness
SoSafe GmbH, based in Cologne, Germany, is a provider of digital training solutions specialising in IT security and awareness building. The team of around 40 people ranges from ITSec experts to graduate psychologists. SoSafe’s awareness platform sensitizes, trains and tests employees in dealing with all types of cyber hazards. The training is interactive, motivating and 100 data protection compliant, which means that the solution is extremely well received by staff representatives and employees. With comprehensible KPIs and differentiated reporting, the success of cyber security training measures is finally measurable and visible. For more information: https://sosafe-awareness.com/home-office/.
Sources: https://blog.iao.fraunhofer.de/home-office-in-zeiten-des-corona-virus-12-tipps-fuer-die-kurzfristige-umsetzung/; https://www.theverge.com/2020/3/3/21163744/google-microsoft-free-access-coronavirus-google-hangouts-meet-teams; https://blog.f-secure.com/coronavirus-email-attacks-evolving-as-outbreak-spreads/ ; https://www.xing.com/news/insiders/articles/die-dunkle-seite-der-wolke-fast-die-halfte-aller-cyberbedrohungen-sind-cloud-basiert-3038282