IT security when working from home

Due to the latest developments with regard to the coronavirus, more and more employees are working in their home offices again. Learn how to ensure IT security when working from home in this short summary of the risks and opportunities that come with the new circumstances.

Update November 2, 2020

Back to home office – Back to digital collaboration

The second wave of the COVID-19 pandemic has Europe firmly in its grip: in almost all countries, the number of infections is rising rapidly again. What does this development mean for organizations and their employees?

During the first wave of infections at the beginning of this year, many employees were already sent to work from home in order to further limit contacts. According to a study by Bitkom, one third of employees were introduced to working from home for the first time ever. Even though some were able to return to their offices, appropriate measures are now being taken again to protect employees from infection.


Status: The cyber-danger situation in the coronavirus crisis

But while organizations are now better prepared for digital collaboration, the dangers remain. After all, the last few months have shown that cybercriminals are deliberately exploiting the coronavirus crisis for their own purposes. Between January and April 2020 alone, Interpol observed nearly one million spam messages, 737 serious malware incidents, and nearly 50,000 malicious URLs explicitly related to COVID-19. In a report on the danger situation during the coronavirus crisis published by Interpol, respondents say that they have increasingly observed phishing emails, but also new malware and fake websites, since the beginning of the crisis. In the report, published in August, Interpol predicts a further increase in cyber attacks that exploit the general fear in society about the coronavirus.

The general unease and insecurity among people, together with insufficiently protected computers and networks in their home offices, offer cybercriminals a perfect attack surface. They manipulate people emotionally, for example by alluding to supposed new coronavirus regulations in phishing emails or by pretending to represent official institutions. In this way, they are able to provoke clicks on malicious links.

The most important things about IT security when working from home in a nutshell

The temporary transition to working from home made collaboration tools and cloud services such as Microsoft Teams, Slack or Hangout very popular at the beginning of this year. During the current wave of infections, they are also likely to be used more frequently again in organizations. However, there are a number of pitfalls that need to be considered to ensure that the security of the processed data is not compromised when working from home.

  • Location-independent work offers criminals new areas of attack. Nearly half of all cyber threats are now cloud-based. In addition, organizations and their IT departments have significantly less control over the networks and devices used by employees in their home offices.
  • Employers should therefore protect themselves legally, for example by having employees confirm in a legally binding way that the data protection guidelines will also be adhered to outside the regular workplace.
  • It is also essential to raise awareness among all employees of the dangers that arise when working from home.

The biggest dangers when working from home

  • The networks employees use when working remotely are often not or only insufficiently secured, potentially threatening the transferred data. Where possible, one should use virtual private networks (VPNs) to ensure a secure connection. The infrastructure for this can usually be provided by the organizational IT.
  • Whether Office 365, Google Drive or Box: as convenient as these web-based file-sharing tools are, they bring new dangers. For example, cloud security specialist Netskope found in a recent study that 44 percent of all malicious threats target the cloud. Proper rights and access management is essential to protect sensitive company data.
  • How work devices are stored is much harder to track for organizations outside the regular workplace since physical security in home offices cannot be centrally controlled. It has to be ensured that only secure and virus-free USB sticks are used, that family members do not have access to the laptop (this would also be a violation of the GDPR!) and that the devices are stored locked when they are not in use.

Legal protection for employers

In addition to the organizational and logistical challenges, employers have to overcome legal issues in relation to home office and remote work regulations. These can arise from the General Data Protection Regulation, from internal compliance requirements as well as from customer-specific agreements (e.g. assurance of technical-organizational measures).


Coronavirus as an incentive for new working models

According to a study by the European Centre for Economic Research, a large number of companies plan to make remote work possible for employees even after the crisis. A survey of human resources managers conducted jointly by Randstad and the ifo Institute reveals similar plans – more than a third of companies want to focus more on digital collaboration tools in the future, and almost two-thirds want to conduct videoconferences more frequently.

For all the uncertainties and dangers that the crisis poses, it has thus given digitization a boost in many professional contexts. In its annual report on IT security 2020, the German Federal Office for Information Security (BSI) states: “It is to be expected that the pandemic will change the way institutions work in the long term. The COVID-19 pandemic is therefore also an opportunity for the digitization of working environments.” For that to happen, however, awareness of IT security when working from home has to be built.

This requires IT security measures to ensure that data and systems remain protected. In particular, the role that people play in cyber security matters should be prioritized.

Threat awareness among employees

You can protect yourself from infection with a real virus by limiting contacts and isolating yourself in your home office, but not from digital viruses. Whether phishing emails, ransomware or fake websites: all these dangers persist or even increase. As already described, current, emotional topics are used particularly often in fraud attempts (Subject: “Important information on infected colleagues” or similar) – the criminals have no taboos when it comes to attacks.

This makes it all the more important to train employees to be aware of such dangers and to provide them with concrete help on how to deal with them. For example, we offer a special e-learning package that you can use to sensitize employees when they switch or return to working remotely.

About SoSafe

SoSafe's awareness platform continuously sensitizes and trains employees in dealing with IT security. Phishing simulations and interactive e-learning modules teach employees, effectively and sustainably, what to pay particular attention to when using email, passwords or social media, for example. The company receives anonymous yet differentiated reporting and can thus make awareness building measurable, in full compliance with the GDPR.