The COVID-19 epidemic and its confinements have turned the world of work upside down. Companies had to adapt to this sudden change, and the solution was to massively adopt the practice of teleworking.
However, this practice is clearly not without risk for the company, as telecommuting more easily leads to incidents. In fact, according to a Fortinet survey, 62% of companies questioned reported a data leak caused by teleworking.
Find out more about the risks and best practices of teleworking and cybersecurity in this article.
The growing phenomenon of Teleworking
Telecommuting has become a real phenomenon, so much so that today, at the end of 2023, many people are looking for a job with at least one day of telecommuting.
According to the French Ministry of Labor, only 8% of companies practiced teleworking in 2017; this figure rose to 21% in 2021 and stands at 56% today, in 2023.
In France, almost all tertiary sector employees wish to telework at least once a week.
What we’re dealing with here is a truly new phenomenon that has taken on enormous proportions, and is therefore having a number of negative effects, not least on IT security.
Lack of preparation
One of the big problems with teleworking is that companies had to adopt the practice in great haste.
But few were ready for the upheaval of 2020. According to Jean Pouly, founder of the consulting firm ECONUM:
“In a normal situation, the integration of this practice would perhaps have taken 10 or 15 years. However, the current situation [here Covid] is generating massive and sudden cultural integration and propelling us towards this new world of work.”
Teleworking & Cybersecurity: Increased IT security risks
Teleworking & Cybersecurity: Some statistics
In 2021, a survey, conducted by Thalès, showed that 82% of employers are concerned about their company’s cybersecurity as a result of teleworking.
According to another survey, this time by Ellisphere, by 2022, two out of three companies believe that teleworking will lead to an increase in cyber threats. However, only 43% of organizations have made more than 75% of their employees aware of cyber risks.
According to a study by the Ponemon Institute in 2022, almost 70% of companies surveyed indicated that the risk of cyber-attacks has increased with the shift to teleworking.
Another survey, carried out by the Cybersecurity & Infrastructure Security Agency (CISA), revealed that 50% of telecommuters in the USA had received no cybersecurity training whatsoever.
These statistics clearly show that:
- Teleworking is a concern for employers, but they now have to deal with increasingly demanding employees who wish to do hybrid work.
- Employees have received very little, if any, training in IT security and cyber risks.
The hardware problem
Telecommuting means working from home with equipment.
And there are two schools of thought here.
The first is to ask employees to use their own equipment, such as their own computer, to do their work.
It goes without saying that this way of working can pose problems:
- For the employee, this means not separating equipment for leisure and work.
- For the employer, there are IT security risks regarding the data stored and transmitted.
The second is to lend the employee a laptop, for example. In this way, the employee will theoretically only use the computer for work, and will use his or her personal computer for leisure or to check personal e-mails, for example.
But that is only the theory: in practice, nothing prevents employees from using loaned professional computers for personal purposes.
The risks & cyberthreats of teleworking
In 2020, a report by Malwarebytes showed that 20% of organizations have fallen victim to a cyber attack caused by a teleworking employee since the start of the pandemic.
During the COVID-19 pandemic, according to a study by KnowBe4, a platform specializing in IT security, computer phishing attacks increased by more than 600% over the first half of 2020, with those targeted being telecommuting employees.
Typically, phishing attacks are e-mails imitating a bank, company or other service, asking you to enter personal or confidential information.
With that information, hackers can access your personal and professional accounts and, from there, infiltrate company networks.
You know the myth that the most frequently used password is something like “password1234”.
Well, this is actually the case, and cybercriminals are having a field day using social engineering and brute force to find passwords, connect to corporate information systems and steal data.
Through password theft and phishing, cybercriminals gain access to company systems and retrieve as much information as possible.
The goal of data theft is either to demand a ransom by threatening to disclose the data, or to sell the data on the deep or dark web to the highest bidders.
If an employee downloads a corrupted attachment via a phishing attack, the consequences can be disastrous.
The virus contained in the attachment will encrypt the computer’s documents, spread throughout the corporate network and render the system and its data inaccessible to users.
Hackers can then demand a ransom.
Best practices for combining Teleworking & Cybersecurity
According to a survey conducted by the IFOP, over a third of French employees have not received any training in cybersecurity.
Here are the good actions and best practices that must be put in place to protect your organization from the cyber risks of teleworking:
- Overall awareness of cybersecurity risks for employees.
- An awareness campaign about phishing attacks for employees, carried out by cybersecurity professionals.
- The creation of passwords that contain no personal information and are distinct for each application and each employee.
- Do not lend out the professional computer, and do not plug peripherals or USB keys into it.
- Always check the content of emails, the sender, and the links present.
- Frequent updating of software and systems.
- Create an authentication system for the teleworker when they connect.
- Strict use of equipment loaned by the company for professional purposes only.
- Installation of anti-virus and firewalls protecting the loaned computer.
- Employees should only connect to private, not public, networks.
- The use of Cyber Threat Intelligence software to detect data leaks.
- The use of various protection software such as an integrity checker and a vulnerability scanner.
The working environment has been turned upside down since the Coronavirus period, which promoted the practice of telecommuting, or at least hybrid working. This is a very good thing that deserves to be developed.
But this can create cyber risks for the company, which is why we recommend holding an awareness class for employees.