Working from home – what are the risks?

Since the Coronavirus Pandemic began, the way many of us live and work has changed. Recent research suggests that working from home (WFH) has actually resulted in some positive outcomes for businesses with some reporting a 25% increase in productivity. On the downside, Cyber criminals have also seen this new working from home world as an opportunity to wreak virtual havoc, as evidenced by the fact that Cyber attacks have increased by a staggering 125 percent in the last year alone.

Without the security protections that come with working in a traditional office environment, including firewalls and automatic blacklisting of IP addresses, businesses whose staff work from home are more exposed and vulnerable to Cyber attacks than ever before.

Resilium Insurance Broking’s Managing Director, Ben Hastie, says that in the last 18 months there has been a significant surge in demand for Cyber insurance from businesses looking for all options to minimise the risks associated with a Cyber attack.

“The most obvious risk of working from home is that most companies’ work activities are being conducted online and this presents the perfect opportunity for new forms of data theft and increased cyber risk,” suggests Mr Hastie.

“Another threat that remote workers face is the possibility of attackers sending phishing emails, designed to fool people into handing over their private details or click on a malicious attachment,” he says.

Indeed, recent research from Deloitte reveals a 600% increase in reported phishing emails since the end of February 2021, with 25% of those surveyed also reporting a significant increase in fraudulent emails and spam to their corporate email.

What can WFH employees do to be better prepared for a Cyber-attack?

  1. Employees working from home should be equipped with the latest technology including high-spec hardware (laptop, smartphone and printer), up to date software (video-conferencing tools and data management systems), and a reliable internet connection (fast broadband and secure access to the corporate network via VPN).
  2. Consider using extra security measures like multi-factor ID authentication for portable devices like laptops, iPhones and iPads.
  3. Conduct ‘safe web browsing’ – don’t click on things that look legitimate. Always check the URL and whether it’s from a trusted sender.
  4. Email security is vital – Do not use your personal email for work purposes, never open attachments on unfamiliar emails, don’t click on any suspicious links within emails and consider the email itself as to whether the links look strange or there are spelling/grammatical errors.
  5. Password protection – Avoid common passwords which include seasons, city names, pet names, family names. Consider using full sentence passphrases with numbers or symbols (i.e. WelcomeToSharePoint2018!).
  6. Lock up important business materials – Don’t leave papers, computers or other electronic devices visible in an empty car or house.
  7. Shred sensitive paper records before disposing of them – Cyber criminals aren’t just behind a computer screen and will go through bins to find personal data.
  8. Cyber insurance – Talk to a Resilium Adviser about your risk profile and how you can be protected.

“Cyber criminals do not discriminate – they’re on the lookout for weaknesses in the IT systems of any kind of business, whether it be small, medium or a large corporate behemoth like Facebook which was successfully hacked in June 2021 this year,” says Mr Hastie.

What are some of the most common Cyber attacks to be wary of?

  1. If a Cyber attack is a Malware breach, it can cause damage to an entire computer network via ‘worms’ viruses or trojans… leaving the computer and the whole network inoperable as the hacker controls the system remotely.
  2. If a Cyber attack is a Ransomware breach, this is a type of malware that encrypts a victim’s files and sees the Cyber attacker demanding a ransom to restore access – usually in payment via untraceable Cryptocurrency.
  3. Phishing is one of the oldest types of cyberattacks and it’s still one of the most destructive. It tricks email recipients into believing that the message is something important and from a real provider like a bank or a notice to update Office 365 for example.
  4. Denial of service is a type of Cyber attack that is an attempt to make an online service unavailable by overwhelming it with traffic, by compromising systems to flood sites causing the website or server to slow down or crash.

All businesses, large or small, can be the target of Cyber attacks. In addition to ensuring your IT systems are up to date for WFH staff, talk to one of Resilium’s Insurance Advisers today about how Cyber Insurance can help keep your business operational even if it has been breached by a Cyber incident.

 The information provided in this article is of a general nature only and has been prepared without taking into account your individual objectives, financial situation or needs. If you require advice that is tailored to your specific business or individual circumstances, please contact Resilium directly.

References:
1) Australian Government Department of Home Affairs, https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/overview

2) Deloitte, Cyber crime – the risks of working from home | COVID-19 | Deloitte

3) Australian Government – Australian Cyber Security Centre, COVID-19: Cyber security tips when working from home

4) Sydney Morning Herald, A quarter of workplaces saw productivity improve during COVID-19

5) Inforsecurity Magazine, Covid19-drive-phishing-emails