According to a recent Bitkom study, almost every second employee in Germany currently works in a home office.
The trend is on the rise – not least because of the new, Germany-wide Corona Occupational Health and Safety Ordinance of the Federal Ministry of Labor and Social Affairs, or BMAS for short, which came into force on January 27, 2021, and obliges employers to allow employees to work in a home office – initially until March 15, 2021.
But that's not all: According to Bitkom projections, significantly more people will work in a home office, and want to, after the pandemic is over than initially.
For this reason, it is high time that organizations realign their IT security concepts and include the home office in them. Part of this effort could also involve using software to track your employees.
The goal is twofold: first, to effectively protect the entire corporate network, with all its endpoints, mobile devices, and home-office workplaces, from Internet threats and cybercriminals; second, to provide employees with a workplace built on a culture of trust and results.
Home Office as a Breeding Ground for Cybercriminals
Since the outbreak of the Corona pandemic, many employees have been promptly and sometimes precipitously relocated to the home office. In many places, state-of-the-art cloud applications, collaboration tools, video conferencing, and mobile devices have been deployed to facilitate decentralized teamwork.
But the new infrastructures have opened a multitude of gateways that cybercriminals are already deliberately exploiting to launch phishing attacks, man-in-the-middle attacks, and CEO fraud attacks, among others.
In April 2020, for example, the German Federal Office for Information Security, or BSI, warned of large-scale phishing campaigns that cybercriminals use to overcome protective barriers such as firewalls, passwords, or antivirus programs.
Home Office Employees Targeted by Cybercriminals
However, the biggest point of attack in a company is and remains the employee.
Attackers are deliberately exploiting the current prevailing insecurity of employees around the coronavirus to gain access to the corporate network through versatile social engineering or phishing campaigns. As a result, as an employee, you must be able to find out if someone is spying on your phone.
Particularly perfidious: the cybercriminals usually pose as colleagues or superiors to deceive employees.
To ensure IT security in the home office, organizations must implement holistic IT security measures that not only guarantee that corporate data, end devices, cloud-based applications, and systems remain secure but, in particular, raise employees’ IT security awareness.
Ensure IT Security in the Home Office
In the home office, personal and work life collide, posing a threat to IT security.
For this reason, organizations must take appropriate security precautions to raise and ensure the level of IT security in the home office.
The following are simple security measures that can be implemented to protect against cyber threats and cybercriminals in the home office:
Make clear rules regarding IT security and communicate them to all affected employees – in writing.
Protect the information on the end devices by providing your employees’ end devices with hard disk encryption. Subsequent use is only possible by verifying the employee’s identity. If the device is lost or stolen, it is not feasible for others to access the information.
Make your employees aware of the need to secure their home WLAN connection with a new strong password and to activate WPA2 encryption.
Sensitize your employees to keep their hardware and software up to date. To do this, your employees need to perform recurring security updates to close known vulnerabilities, minimize zero-day attacks, and work with the latest system version. However, installing security updates affects not only the operating system but also the applications used and the home WLAN router. Intelligent patch management enables efficient implementation here.
Use VPNs to connect your employees’ end devices to the corporate network so that protected data communication is possible.
Set up two-factor or multi-factor authentication to provide your employees with additional protection against access by unauthorized third parties, for example, by using an additional PIN, fingerprint, or password.
Implement a mobile device management (MDM) system so that you can consistently track, manage and secure all mobile devices on your corporate network.
Implement an effective endpoint security solution to secure all endpoints with access to the corporate network from unauthorized access and prevent them from running malware.
Separate private and business segments on endpoints. The private use of end devices involves a great potential for danger. For this reason, the two areas should be separated using containers, for example. Access to the corporate network is only possible within the container. Furthermore, the e-mail mailbox should be accessed via the Exchange client or webmail so that e-mails are not stored on private end devices.
Take appropriate security measures for video conferences, as these are the preferred method for cybercriminals to spy on corporate data.
Conduct periodic security awareness training to increase employee awareness of IT security, data protection, and cyber threats.
Home Office and Remote Work – But Secure!
The COVID-19 pandemic has fundamentally changed the world of work. The past lockdowns have impressively proven that working from home increases the productivity of employees and thus the resilience of companies.
Nevertheless, home offices and remote workplaces must be secured holistically and in multiple layers because of the operating system and the increasing risk situation. The human factor should be the main consideration.
It is therefore essential that companies ask themselves the following questions before implementing home office workstations:
Which company data may be secured on mobile devices?
Do all end devices with access to the corporate network have the latest security updates?
What is the risk and damage if locally stored information is lost due to theft or loss?
Are your employees aware of the security risks? Do they avoid using insecure apps, including on personal devices with access to the corporate network?
Is there a separation of business and personal data on BYOD/UYOD devices?
How can cloud applications be secured?
Is the existing e-mail security sufficient?
How can compromised end devices be detected in the home office?