Are you a new user?

print   email   Share

Improving Cyber Security For Employees Working From Home

Cybersecurity ratings company BitSight recently published a report that found that organizational home office networks are far more likely to be infected with malware than corporate networks.


The report, entitled "Identifying Unique Risks of Work From Home Remote Office Networks," stated that 45 percent of organizations had malware on their corporate-associated home networks. By comparison, only 13.3 percent of organizations had malware on their corporate networks.


During the month of March 2020, home office networks were 3.5 times more likely to be infected with malware than a corporate network, according to the report. For instance, TrickBot malware, often used in ransomware campaigns, was 3.75 times more common on home office networks, while Mirai, a well-known botnet, was at least 20 times more common.


The author of the report said, "Worms like Mirai impact home networks more than corporate networks because of all the different IoT devices and consumer devices that Mirai was built to take advantage of and exploit." It also exploits defaults, and many users do not change their defaults.


BitSight looked at more than 41,000 organizations and their "work from home-remote office networks" for the report. Arielle Waldman "Malware found on 45 percent of home office networks" searchsecurity.techtarget.com (Apr. 15, 2020).


When working from home, a large number of employees are using older or unprotected devices that do not provide the same level of cybersecurity as workplace devices. Infected devices at home may be harder to spot without the software and human cybersecurity monitoring presence in the office.


There are ways organizations can increase cybersecurity for home-bound employees: provide up-to-date devices; increase device protections; increase network protections; and train employees. Unfortunately, these can be more complicated when employees are working from home.


If possible, provide employees work-issued devices with the highest cybersecurity protections in place and require them to only use these devices when connecting to the remote office network. Require employees to keep all IoT and personal devices on a separate personal home network.


If they must connect to the work network using personal computers and devices, require them to keep their devices patched and provide them with security software to install on all devices. Require them to change the default username and password on all devices.


Make sure the network that employees use to work from home is as secure as possible. Employees must use the latest, most secure router available. Require employees to change the router’s defaults and protect their home office network with a unique, strong password. Also require them to keep the router’s firmware updated. Employees can increase security by connecting with an ethernet cable, rather than through Wi-Fi.


Training employees on all of the above practices is essential. Do not assume that your workers know how to create a secure home office network. Provide clear instruction and regular reminders.


Finally, require employees working from home to participate in virtual cybersecurity training on phishing and other subjects. Unfortunately, working from home has not decreased the risk from malware.

Finally, your opinion is important to us. Please complete the opinion survey: