Study Shows That 27% of Security Breaches Are Due to Unpatched Vulnerabilities
Last updated September 23, 2021
Given the fact that many countries around the globe have started to close down offices and other non-essential businesses, many companies now have the option to let their employees work from home. Naturally, this is only possible if the companies in question operate in the IT field since the transition from working on a PC at the office to working on a PC from home is pretty simple in most cases.
On the other hand, letting employees work from home comes with a few new risks that weren’t a problem until now. We actually talked about that in our article about why you shouldn’t connect to unknown Wi-Fi networks, but there are definitely more dangers than that.
In essence, the main problem is that workers are usually protected by the company’s firewall, Internet filters, and VPNs while at the office, none of which are available to them at home. They could still build up their own security measures at home, and we highly recommend investing in a VPN at this point. However, most people are not accustomed to being exposed to online threats while working, so they may not even give a thought to the issue.
However, the important thing to keep in mind is that just because work-from-home employees can create new cybersecurity vulnerabilities, that doesn’t mean that companies shouldn’t take precautionary steps. The current pandemic is far too serious to put money before the health and safety of the employees, and it’s also worth remembering that there are plenty of ways to mitigate these risks if the companies in question offer a bit of guidance to their workers.
With that in mind, here are some of the vulnerabilities your company may be opening up to by letting people work from home during the Coronavirus lockdown.
The reason why companies rely on private networks and servers most of the time is to limit access to their assets. As such, while you may want your employees to be able to work with databases, customer records, or code files, you definitely do not want to make those things public, especially since many of them contain copyrighted or patented ideas.
Granted, it’s always possible for someone to hack into your company’s servers and gain access to these assets, but that’s a risk you can protect yourself against by installing good security measures. Once people are outside the office and those security measures are no longer under the company’s control, things can get messy fairly quickly, especially if the workers do not respect the proper procedures.
Many types of jobs require the employees to transfer files to their computers in order to work on them, which means that those files are only as secure as the device they are on. If the worker in question falls prey to a certain malware attack, those files can be stolen and leaked, which can lead to all sorts of trouble.
However, this is also true even if the employees do not have to download anything, as is the case with the proprietary online platforms many companies use. Even if the data is still stored on private company servers, remote workers who get hacked can have their account credentials compromised without their knowledge, which would let an attacker simply log into the company platform and access various databases, ledgers, or customer records.
As we’ve seen before, many big corporations suffered leaks that exposed the personal data of millions of people, and that was not even during a global pandemic. It would appear that very few companies care enough about this private information to secure it properly, which is why hackers usually have an easy time leaking it online for everyone to see.
On the other hand, if your company lets people work from home now, it doesn’t matter how good the security is when it comes to the personal data collected from customers. Hence, even if the records are encrypted, all it takes is for one employee to fall for a phishing scam in order to have their account credentials stolen.
Once that happens, the hackers can simply access these records as a regular employee, which would allow them to easily copy and transfer the data to their own computers. Depending on the case, they can choose to ransom it in exchange for money or leak it immediately just to make the company in question look bad.
In fact, there is also a worse scenario that involves outright data deletion, especially if the attackers are truly ruthless. While it is true that most companies have multiple backups in place in order to handle such situations, restoring everything back to normal can take a very long time, and no one really wants any such delays during a time like this.
Given the fact that most employees will have to take work laptops or desktops to their homes for a few months, the chances of these machines getting infected with malware increase considerably. This is especially true if the workers in question are not particularly tech-savvy either, which means that they rely on the IT department to troubleshoot problems or protect themselves against malicious software and websites.
Speaking of which, the lack of an IT department is really going to take its toll on many remote workers, especially if they are not capable of watching out for threats while using their computers. As mentioned before, they are usually protected against these threats by VPNs and various network security measures, which won’t be available in their homes.
To make things even worse, many of these people won’t realize that their computers are infected, which means that they will bring those computers back to the office once the crisis subsides. While in a perfect world these workstations would be checked by the IT department before being connected to the company’s intranet, the truth of the matter is that it may not be the case in many situations, especially since the tech guys may be overwhelmed once everyone returns to the office at once.
Hence, that malware could then spread to other computers around the office, and even to the servers if the network is not properly secured. This could lead to even more delays and productivity issues, which is definitely not something you want to deal with when you are already trying to recover from a hard couple of weeks or months.
While this is not the case for every company out there, there are plenty of domains where employees have to work with licensed software in order to do their job. This can include third-party accounting software, image processing software, video editing software, and more. Obviously, buying business licenses for such software can be extremely expensive in many cases, which is why the serial codes and activation keys are kept very secure.
Once employees start using this software at home, on the other hand, these serial numbers have to be kept safe by them instead, which is easier said than done. Hence, while none of them would willingly leak this information, it’s very easy to leave the wrong window open while taking a screenshot and thus capture sensitive data in the process.
If the workers make the mistake of posting these images online without checking them first, other people can take advantage of this by trying to reuse those keys. Depending on the software, this may or may not work - it’s really a matter of how the activation process works and how many computers the program can be installed on.
However, the developers working on the software in question may suspend your account if they detect suspicious activity surrounding one of the serial codes licensed to your company. Obviously, things can be resolved once the matter is explained and everyone understands what happened, but that introduces new delays and problems that are undesirable at this time.
As we all know by now, meetings are crucial in the corporate environment, because apparently no one is able to do anything unless they have a two-hour meeting with at least five other people beforehand.
All joking aside, meetings can definitely be productive under the right circumstances, and thanks to video conferencing software, this doesn’t have to stop once everyone starts working from home. Hence, it’s actually quite easy to have online meetings nowadays, especially since the video and audio quality has improved significantly over the last couple of years. Not only that, but there are also many great software solutions out there, not just Skype.
Obviously, the whole point of a company meeting is that no one but the people invited to it should know what’s being discussed. In the online world, that may not be the case if one of the attendees has a compromised computer because hackers can easily mirror their desktops and listen to every word of the conversation.
Besides the obvious privacy violation concerns, this can also lead to leaked company secrets if the employees in question happen to discuss highly classified issues during the meeting. In addition, the worst part is that it would be incredibly difficult for anyone to notice the fact that someone else is listening since only the person with the infected computer has any chance of detecting the intrusion by checking their operating system.
To make matters even worse, this can also happen regardless of whether you use a publicly available video conferencing solution or a proprietary one since the attack does not rely on breaking the app’s security in any way. Hence, it doesn’t matter if everyone is using a custom-built app with encryption and great security, because the attacker only has to take control over the rest of the computer, and not the app itself.
Naturally, reading about everything that could go wrong if you let your employees work from home in these trying times might make you think twice about actually doing it. However, keep in mind that we are only referring to the worst-case scenarios in this article.
In addition, there really isn’t any alternative out there during this global pandemic, unless you want to shut down your company for a few months, and that’s definitely not something many companies can recover from.
There are ways to mitigate these risks even more, especially if you take the time to talk to your remote workers about security before trusting them with your company’s data and software. It really doesn’t take long to train people not to click on shady links or connect to untrusted Wi-Fi networks, so most of the training can probably be achieved in a series of short videos, or even a few pages of text.
In addition, you can also use this opportunity to purchase a business VPN solution for your company. Besides making sure that your employees stay safe while working from home, you can also make use of the VPN after the crisis blows over, which means that no value is lost in the process.