Why hackers are targeting your WFH staff (and what to do about it)

More people are working from home (WFH) than ever before. This was a trend that had already been seen long before anyone had even heard the word ‘Covid’, but there can be no doubt that the pandemic did a lot to speed up the progress of change. With many governments around the world choosing to recommend people work remotely during the pandemic, businesses were forced to adapt.

In fact, it is estimated that while the pandemic saw the number of people WFH double, the vast majority now believe that they will continue to work remotely at least part of the time. This shows that the pandemic not only accelerated the WFH trend, but it has also led to a long-term change in how people view work.

Remote working, of course, has many positives and benefits for both businesses and employees. However, it has also been suggested that one of the potential challenges comes in the form of a rise in cyberattacks that target anyone working remotely.

You might argue that this is to be expected; more people are WFH than ever before, so it is unsurprising that there are more cyberattacks targeting those individuals. There is some truth to this, but it is also more complicated.

Here we’ll take a closer look at exactly why cybercriminals are choosing to target remote staff, as well as examining what businesses can do to protect their workers.

The challenges

This issue is more complex than the simple fact that there are more people working remotely – although that certainly does play a part. Unfortunately, there are a number of good reasons why cybercriminals and hackers are choosing to target remote and WFH staff.

Bad cybersecurity habits

A survey of IT professionals revealed that more than half (56%) believe that staff have picked up bad cybersecurity habits from working at home. These bad habits can come in many forms and might involve not using strong enough passwords for their company credentials. Or, it might revolve around issues such as moving company data to personal email accounts.

In many cases, members of staff aren’t even aware that by doing something that simply makes their working life more convenient, they are actually putting themselves and the company at greater risk.

A good example of this is ‘Shadow IT’. Shadow IT refers to the software and apps that members of staff use without permission or approval from the IT team. These may be simple and innocuous software that isn’t actually harmful in itself. However, when the IT team vets and approves software for use, they will check for known vulnerabilities and patches.

By installing software that hasn’t been approved, staff are potentially giving opportunities to hackers.

Fewer protections

It is also true that remote staff have fewer protections than they might be used to in the office environment. Staff that work in-house will often use a company computer that is protected by the company firewall, as well as the various cybersecurity features put in place to defend the business.

When working remotely, WFH staff will likely use their own devices. While these personal devices may have some level of protection is unlikely to be as advanced or sophisticated as those used by the company. 

Staff may also use devices that simply do not have any level of protection. This is increasingly common with the use of smartphones and other connected devices.

Some solutions

It is important to understand that businesses do not have to be defenceless against cybercrime. There are a wide range of solutions that companies of all sizes and across all industries can take to mitigate their risks, and help keep their staff secure against the various forms of cybercrime.

Migrate effectively to the cloud

If you want your staff to work remotely safely, one of the most important things to do is manage your migration to the cloud. Staff who WFH require access to company data and files through the cloud, and this has led to many businesses having to rush their plans to allow staff access.

Fortunately, carrying out a strong migration that makes security a priority can actually improve the overall security of your business. 

“Your IT team no longer has to monitor and patch up any holes in security: it’s all done centrally, monitored and updated 24/7/365,” says Tom Joyce of contractor recruitment specialists ClearHub “cloud security and resilience is now far better than that of on-site server rooms, to the point of their redundancy. If security really is a concern, then cloud is the best possible solution”.

Provide high-quality cybersecurity training

One of the most important things that you can do to keep your staff secure against cybercrime is to arm them with knowledge. Businesses should not consider cybersecurity to be the sole responsibility of the IT team. Staff need to have the best information at their disposal to understand the most common types of attack and what they should do in the event of being targeted by cybercriminal activity. 

It should also be noted that any cybersecurity training should not be ‘one-and-done’. The fact is that cybercriminals are constantly updating and advancing the techniques that they use. This means that the best practice on cybersecurity goes out of date very quickly. 

Businesses should provide regular cybersecurity updates that keep staff aware of all the latest types of attacks and what they should expect or be aware of.

Are businesses more vulnerable because of remote working?

It can certainly be argued that while remote working has a wide range of benefits, the fact that staff who WFH are more likely to be targeted by cybercrime does lead to the company being more vulnerable. For those businesses that want, plan or need to have remote staff working options, it is important to put powerful cybersecurity measures in place and stay alert.

Is your organisation doing enough to help mitigate the risk of a cyberattack such as this? Find out in our Free Click-Prone® Test today.

Recent posts