Our Home Office info sheet and e-learning demo contain quick tips for staying secure: digitally and behaviorally.
For many, working from home has long been an integral part of their job, while others are still adapting to a new work environment and learning to embrace it. A study from Owl Labs revealed that working from home is an appealing alternative for many, with 46 percent of employees saying they would take a pay cut of up to 5 percent to continue working remotely after the pandemic. And one in three claims they would quit their jobs if the company did not allow remote work after COVID-19.
Working from home not only means moving your workspace from the office to your living room but also adopting the correct cyber security measures to make your home office safe. This topic requires special attention now because remote workers are often more vulnerable to cyberthreats: 75 percent of cyber security experts surveyed for the Human Risk Review 2022 report said that hybrid work models have made the risk landscape more dangerous.
As remote work has become mainstream and cybercriminals are taking advantage of the vulnerabilities of this relatively new working model, learning the basics of how to protect yourself and your data against hackers is a must.
Hybrid work: What does that mean?
Hybrid work involves a combination of working at the office and from home. Employees in many industries are no longer bound to a fixed workplace on company grounds and instead can now work elsewhere. To do this, employers usually give them access to the same tools and data outside the normal office environment.
However, this doesn’t mean employees have free rein to do as they please simply because they can work “anywhere,” as hybrid models are often strictly regulated. Organizations and their employees must abide by certain guidelines that determine how and to what extent work devices can be used in one’s home office or even outside of the conventional office. Work devices must meet network security and network performance requirements to function as seamlessly and securely as they do in an office environment. This development became increasingly necessary in recent years due to the coronavirus pandemic.
New working models after the pandemic
The COVID-19 pandemic has significantly impacted how we work, reshaping what we view as normal. As the number of cases continued to rise, it was impossible for large groups of people to gather in one area. Organizations around the world took action to allow their employees to continue working. Home office work, which became a legal requirement in many places, was implemented as a solution to keep up normal production rates while preventing COVID-19 infections among employees. This measure helped reduce the risk of companies having to cease production or even go bankrupt during the most difficult times of the pandemic.
This situation changed many aspects of normal working life: Digital meetings replaced personal meetings, and talking face-to-face started to feel like a thing of the past. Video conference and collaboration tools became considerably more popular after the pandemic. According to SensoTower data, video conferencing apps grew 150 percent in the first half of 2021. However, growth didn’t stop after the pandemic. Statistics from Global Market Insights reveal that the video conferencing market size exceeded $25 billion in 2022, and it is expected to grow even more from 2023 to 2032.
How hybrid work models affect cyber security
Statistics clearly show that this “new normal” of hybrid work will become increasingly common in the foreseeable future. As this work model grows in popularity, it becomes a clear target for hackers, who use the latest cybercrime innovations to put the security of thousands of companies at risk.
Home workers are the primary target of criminals as cyberattacks have risen 238% in volume since the beginning of the pandemic.– Andrea Burgess, Alliance Virtual Offices
Hackers have identified the weaknesses of remote work and are determined to leverage them. Unfortunately, they know the uncertainty of employees as they adapt to work in a different environment, as well as how social changes and new work infrastructures alter their work processes, leaving them more vulnerable to threats.
Many employees are also worn out by the continuously tense global situation, which doesn’t allow them to focus on cyber security matters. On the other hand, cyber security experts, in particular, have been heavily impacted by employee shortages, understaffed teams, and low budgets. This situation has put a lot of pressure on them and on businesses, with 60 percent of companies struggling to retain their cyber security workers in 2022, with stress being one of the top 5 reasons for resignations, according to a study by ISACA.
The threat landscape is a constant source of challenges. The increased use of collaboration tools like Microsoft Teams and mobile phones now offers fertile ground for cybercrime. The level of security risk depends, to some extent, on how well employees adhere to security guidelines.
With so much work being done outside the office, companies need to teach their employees about the risks – and how to mitigate them – so that they can protect themselves against cyberattacks. Below are 10 tips to help you and your team ensure cyber security in remote work.
10 tips to improve cyber security in your home office
Nobody expected that we would need to protect our work devices when at home, but as work models evolved and we started turning our home into our workplace, keeping ourselves and our data safe became essential. Everything from your internet connection to where you store data or whether you keep your software updated can make a difference when it comes to cyber security. Here are 10 tips to ensure your home office is well set up against cyberthreats.
1. Internet connection (VPN and WLAN)
Ensure you only connect to the Internet in a secure environment. Use only secure, password-protected Wi-Fi connections for your work devices, and avoid public networks. This will greatly help prevent your network from being infiltrated by external parties. Only connect to the Internet with a VPN (Virtual Private Network), which shields your data and systems from outside access. A VPN encrypts data, transmits it through a digital “tunnel,” and releases it on the other end. This makes it nearly impossible for cybercriminals to access data.
2. Storage solution (cloud)
Prevent access to confidential and personal data by storing it in a protected environment – which is where the cloud comes in. It’s important that your company’s IT department has approved the cloud’s security, storage capacity, upload speed, and flexibility because only then can you be certain that it’s suitable for professional use. Avoid using private cloud services for work purposes because they don’t offer the same protection as professional clouds.
3. Passwords & screen locks
Cyber security for
Also, avoid using the same password for multiple accounts, as this will minimize the extent of the damage of a potential cyberattack. If you reuse one password and hackers decipher it, all the accounts where you used the same password would immediately be compromised. However, choosing different passwords is not enough because they should also meet certain criteria to be secure, such as combining upper and lower case, including numbers and special characters, or being at least 12 characters long. This may sound complicated, but there are tools called password managers that generate secure passwords and save them to prevent you from having to remember them all. Some examples are 1Password, Bitwarden, and Dashline.
Once you master the art of creating passwords, start using password-protected screen locks on your work devices to prevent anyone, including members of your household and their guests, from viewing sensitive data when you are not around.
4. Regular security updates
For optimal security – and this applies everywhere, not just in your home office – conduct regular security updates. Install the relevant patches, check your router’s settings regularly, and ensure your hardware and software are always up to date. This is very important because some updates contain security flaw patches that could prevent cybercriminals from infiltrating your systems and stealing sensitive data. You should especially keep your antivirus software up to date. Arrange this with your organization’s IT department if necessary.
5. External data storage media
One particularly deceptive trick cybercriminals employ is infecting external data storage media – such as USB flash drives – and leaving them near office buildings or employees. The temptation to connect an unknown USB flash drive to your own device is nearly irresistible. However, avoid doing this because you don’t know what might be on it. Be careful with your own storage media as well because they can also be infected with malware. Lock them up when not in use so that others can’t access them.
6. Organization (physical and digital)
Tidy desk, tidy mind: Having everything you need at hand and not stumbling into clutter every time you must reach for a pen will give you peace of mind and increase your productivity. It will also make your home office setting more secure. By tidying up the space and avoiding leaving important data storage devices and documents visible – especially if there is a window nearby – you will keep away intruders and prying eyes.
Your virtual workspace also deserves attention. If you have data and files hanging around your desktop, put them where they belong. This allows you to easily find important documents when you need them and detect any suspicious files earlier.
In the end, tidying up spaces is important in every aspect of life. Just as you would not leave your most expensive and valuable belongings at the doorstep of your house, you want your digital assets to be safe and out of reach.
7. Confidential documents
The level of confidentiality of the documents you handle at work depends on the type of information they contain, the type of work you do, and the company you work for. Therefore, it is important to learn and respect the levels of confidentiality of your company to avoid sensitive information from falling into the wrong hands. Remember that limiting access to sensitive data to only the necessary stakeholders is better. A key aspect of protecting confidential documents is organization. Consider using a lockable cabinet or roller cabinet in your workspace so that you can store them properly. This will prevent unauthorized people from seeing the information these documents contain.
If you no longer need certain confidential documents, a shredder is the best way to ensure they are destroyed. Alternatively, you can use a permanent marker to make the documents illegible. Don’t throw documents in the trash!
8. Communication and contacts
Only use tools your organization provides to ensure that internal communication stays secure and on the same platform, and avoid private messenger services. Only conduct phone calls or video conferences with other employees in areas where nobody else can hear you – this prevents confidential information from falling into the wrong hands. Make sure you know exactly who to contact in case of data breaches and cybersecurity incidents.
Working from your home office means using your webcam to participate in meetings and conferences. Unfortunately, your webcam is an easy target for hackers: It allows them to view important documents in your workspace and scout for personal information that could be used in spear-phishing attacks. Purchase a sliding cover for your webcam that prevents cybercriminals from spying on you in this way. It’s also recommended that you conceal your background when your webcam is on so that you are the only thing visible on camera.
10. Cyber Security e-learning
This is the most important tip on this list: Be aware of the risks of working in your home office. Social engineering attacks that aim to trick you into clicking on a link and sharing login credentials or other sensitive data are more successful against companies using hybrid work models. Cyber security awareness training helps you recognize and protect yourself against these risks while keeping your data where they belong: in your hands.
ISO regulations – Guidelines for safe handling of information
The tips listed above make one thing clear: Employees play a crucial role in ensuring cyber security, especially in home office work settings. But in addition to the precautions you can take as a user, organizations are bound by regulations that specify how to implement cyber security from a home office. The International Organization for Standardization (ISO) provides recommendations for a wide range of fields. ISO-27001 regulates home office work, provides guidance to organizations’ information management systems, defines the requirements for these systems, and specifies how they can be employed, maintained, and continuously improved. In particular, ISO-27001 addresses and evaluates cyber security risks in organizations and helps organizations mitigate these risks. From employee training to regulating third-party access to information, here are some of the most important recommendations of ISO-27001 and how they contribute to improving your cyber security.
|Regulation||How this regulation helps minimize cyber security risks|
|Offer comprehensive employee training||Create awareness|
|Provide suitable means of communication||Facilitate secure remote access, screen locks, and timers for inactivity|
|Offer hardware and software support and maintenance||Properly functioning devices and programs|
|Guidelines for access by third parties||Regulate devices and permissions|
|Revoke permissions and access rights after termination of employment, and return of hardware by employees||Prevent unwanted access to work materials and sensitive data|
Using awareness to prevent security vulnerabilities
There are many tips and secure habits you can implement to make your home office more secure, but your home workspace can only be better protected against risks if you use them consistently and continuously.
Working from home has become a matter of course for many workers, partially due to the pandemic, and it’s of utmost importance that we learn about the cyber security risks that arise at home. Cyber security e-learnings, such as the one offered by SoSafe, help you establish secure habits and defend yourself against potential dangers. Learn more about this topic in our “Home Office Package” guide, which includes a practical checklist to stay secure in your home workspace.
Cyber Security Awareness Blog
Fulfill compliance and boost employee engagement with Content Management
Are you interested in improving learning adoption and steering digital transformation in your organization? Do you need a platform that increases audit readiness and helps you be compliant? Our new Content Management solution helps you easily fulfil these requirements. Discover it now!
Cyber Security Awareness
What are the differences between spear phishing and phishing?
That once seemingly simple email now carries the disguised power of being dangerous. Unfortunately, this makes it an effective tool for cybercriminals. To be safe, spotting a phishing email is step one. Are you confident you can? What about its more advanced version, infamously known as spear phishing? Let’s find out.
Behavioral Science, Cyber Security Awareness
Gamification in e‑learning: Enhancing the online learning experience
If someone told you learning is no less than a game, would you believe them? Gamification has revolutionized e-learning across industries and domains, creating a massive impact on providing a sense of achievement for learners. The interesting part? Having fun throughout this process is just the beginning.
Make phishing attacks miss the mark