Cyber Security and Working From Home

After working from home for months, Britons have developed ‘lax’ cyber security habits. According to a survey of cyber security awareness and best practices in the UK by Mimecast:

  • 63% of UK workers polled use their personal devices to access their employer's IT systems
  • Almost 60% forward personal emails to their professional email accounts, and vice-versa, as the lines between their personal and professional lives ‘blur’
  • 4% customarily open attachments from unknown sources; 47.1% click on links in emails from unknown sources

WFH Cyber Security Issues

Email remains the primary source of cyber security issues: 42% of IT leaders polled acknowledge that most cyber security incidents start when an employee clicks on a malicious link contained in a bad email. Thirty percent say that these emails mimic an internal source, which makes it harder for employees who may not have seen their colleagues since March (2020) to judge whether a source is legitimate.

“With many offices forced to close overnight, many workforces were working remotely for the first time,” says Francis Gaffney, Director of Threat Analysis at Mimecast. “This obviously had major implications for cyber security, as IT had limited visibility into employee cyber habits.” Ergo, smart home devices and their apps represent a ‘major weak link’ in the enterprise cyber security chain as the lines between work and home life increasingly blur due to changes wrought by Coronavirus.

Remote Working Devices

Elsewhere, asking similar questions more broadly, Trend Micro’s Head in the Clouds study surveyed more than 13,000 remote workers across 27 countries. Its findings reveal that 39% of workers use their own personal devices to access work data, often via cloud-hosted third-party services and applications. Again, these smartphones, tablets and laptops are perpetually less secure than employer equivalents and are exposed to insecure IoT apps and gadgets on home networks.

The study found, for example, that 36% of remote workers surveyed still do not have basic password protection on all personal devices. Fifty-two percent of global remote workers have IoT devices connected to their home network, with 10% using lesser-known brands, the study revealed.

Many such devices - especially from smaller brands - have well-documented weaknesses such as unpatched firmware vulnerabilities and insecure logins, according to Trend Micro. These could allow attackers to gain a foothold in the home network, then use unprotected personal devices as a stepping-stone into the corporate networks they are connected to. 

The Cost of Cyber Attacks

As to where and how all this sits in the bigger picture: growing awareness of the financial impacts of cyber attacks has brought forth several estimates as to their overall damage. The Cost of a Data Breach Study conducted by IBM and the Ponemon Institute estimated the global average cost of a data breach at €3.21m, an increase of 6.4% on the previous year (€3.01m). Downtime and operational losses due to cyber attacks, meanwhile, are another metric by which to assess the financial impacts.

Cybersecurity Ventures reckons cyber crime generally will incur a global cost in excess of €5trn annually by the end of 2021, up from €2.5trn in 2015. Cybersecurity Ventures’ damage cost projections are based on historical cyber crime figures including recent year-on-year growth, a dramatic increase in hostile nation-state-sponsored and organised crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is now. Sobering news indeed.

Richard Wheeler Associates has expertise in recruitment for cyber security companies. Find out more about our Cyber Security Recruitment service or Contact Us.