IEEE comments on growth of WFH

As the Office for National Statistics (ONS) reveals the number of employees working from home has more than doubled since 2019, we ask Kevin Curran, IEEE (www.ieee.org) senior member and professor of cybersecurity at Ulster University whether this is a worrying trend for businesses and will more businesses be more critically exposed to cyberthreats.

“There has been a serious culture change over the last two years, with many organizations having now adopted a hybrid working model.  While initial concerns focused on infrastructure, equipment, and bandwidth provision, workers are now far more accustomed to working from home.  However, organisations are now far more vulnerable to security threats than ever before.  Security teams will have built policies and procedures that protect individuals and their wider infrastructure.  With the reliance on personal devices, cloud networks, and remote access technology, it is fair to say that employees have been operating outside of the traditional IT safety-net – there is a real risk of employees making bad choices.  If remote working is to continue at this scale, businesses must implement the correct tools to minimize their exposure and mitigate potential threats.”

“The threat landscape is constantly evolving, so organizations need to keep pace and ensure that they regularly review and upgrade their defences.  Some approaches that worked just a few years ago are now obsolete and attackers change their profile far quicker now, so it is incredibly difficult to identify which packet requests are nefarious.  To minimize the risk of attacks, organizations should implement a training session for staff members as soon as possible, so they can fully understand the associated risks with using their own devices.  This will help staff members collectively understand the core best practices, including data security management, enforcing strong passwords on personal devices, and safer habits online.  To keep the information fresh in all staff members' minds, this could be carried out every few months, depending on the scale of the organization.”

“Moving forward, IT departments must be able to maintain proficient security protocols or policies for years to come.  Inevitably, this means increasing the amount of IT security staff and ensuring all staff are sufficiently trained, even if just basic cyber skills.  The first line of defence for organisations to stop some attacks is to simply educate employees about the dangers of clicking on links. Employees need to be well trained on aspects such as cybersecurity best practices such as phishing and data sharing practices, keeping software updated, unique strong passwords, enabling two-factor authentication.”