Working from home - a security risk for company data?

Home or hybrid working models will continue to play a significant role in many companies in the future and define a new standard. But what risks does working from home entail, and how can these be minimised?

Of course, the ideal scenario is that every employee has their own perfectly equipped office at home. However, this is often not the case. Not only are kindergarten and school-aged children sometimes also in the „home office,“ but weak Wi-Fi signals or a lack of suitable rooms also make this wishful thinking impossible. However, if a professional workspace is not available at home, a professional and security-conscious working method should still be maintained. Working from home places even greater responsibility on each individual than working in the office, as the IT manager is not within immediate reach. Secure passwords with 2-factor authentication, locking your work device when leaving your workstation, and storing it securely at the end of the workday are simple basics that need to be considered.

Dangers posed by internal users
The use of private devices is also a trend to be observed, especially in small and medium-sized enterprises. This is usually driven by the employer's primary motivation to „save“ costs on company laptops and smartphones. However, this is associated with a number of dangers that can prove far more costly for the company. Private devices generally offer completely inadequate protection, causing companies to lose control over their data security.

Outdated computers with missing or inadequate security software offer entry points for attacks. Irregular updates to the operating system and installed applications are also major risk factors here. The use of these devices by multiple people in a household with varying levels of security awareness must also be considered extremely concerning from a risk perspective. This is because users, in some cases, have little knowledge of online dangers such as phishing, viruses, and Trojans. Inconsistently maintained and managed systems already pose a certain risk within a company. The danger is all the greater when using private devices.

However, deliberately disregarding company-mandated security policies to work „more productively“ is also a daily danger that keeps security managers on tenterhooks. For example, employees send company documents to private email addresses, use the same passwords in multiple places or even share them with colleagues, use company equipment for private purposes, or even attempt to install their own applications on company devices.

Dangers from cybercriminals
Regular employee training is an essential task to develop a general understanding of IT and data security. However, employee instruction alone is not sufficient. Companies must also invest more in the security of home workplaces to be adequately protected.

The current work situation is being exploited by cybercriminals to profit from the crisis. For example, video conferencing offers attack vectors for hackers, as unauthorized access to certain conferencing services is quite easy. Once they have infiltrated, they can forward links via the chat function to direct malicious software onto participants’ devices. Furthermore, poorly or unsecured Wi-Fi connections pose security risks, as unauthorized individuals can easily access devices and spy on information or manipulate data.

Criminals also attempt to inject malware into devices and the corporate structure through fake information, fraudulent websites, or emails. An example of this malware is ransomware. However, ransomware, phishing emails, and other types of malware are only part of the numerous threats that companies face.