About Solutions Blog Resources Contact
Cyber security risks of working from home

Harold de Vries


Back in 2020, businesses were presented with the Covid-19 pandemic global lockdowns. As a result businesses rushed into providing solutions for their employees to work from home.

Now, two years on, businesses prepare for what life looks like in a post-pandemic world. Key will be what the new norm of working will be. A Gartner survey in 2021 found that 47% of businesses will give employees the choice of working remotely full-time in the post-pandemic world and 82% said employees could work from home at least one day a week.

Yes, for better or worse, remote working is here to stay. The benefits are simply too appealing.

However, a remote workforce comes with myriad dangers. Employees relying on personal networks and sometimes personal devices, new online tools and services,. If something is on the internet, there’s always the possibility of threat actors compromising it.

Unsecured home network connections

One of the key reasons for an increase in cyber security risks whilst working from home is unsecured personal networks. Employees remember to perform updates on their devices and anti-virus software, but updates to home router software is commonly overlooked. Personal routers are not perfect, and therefore contain security risks and vulnerabilities. Like other devices, routers require regular software and firmware updates to remain secure.

An additional challenge here is that ISPs often stop supporting updates to routers they supplied after a couple of years.

Office networks also have firewalls in place that monitor traffic and block malicious activity. Many home routers do not have this, creating further risks.

More use of online tools and personal devices

The majority of your employees’ tasks now are conducted online. With this increased reliance on technology and online tools, businesses are more susceptible to cyber threats. More tasks being completed online, from cloud documents, emails and attachments, instant messaging clients and third-party applications and services. This obviously exponentially grows the number of avenues for threat actors to infiltrate into your company networks, data and assets.

When your employees started to work from home, some of them may have started using personal devices for work. Whether it be mobile phones, tablets, printers or even laptops, the main risks raise from lack of IT security infrastructure.

Employees are using personal devices for two-factor authentication, and may have mobile app versions of instant messaging clients, like Zoom and Teams. The blurred lines between personal and professional life increase the risk of sensitive information falling into an unsecured environment.

According to CISO’s Benchmark Report 2020, businesses are struggling to manage remote workers’ use of phones and other mobile devices.

There is little your IT team can do to protect against this. According to CISO’s report, 52% of respondents said that mobile devices are a significant challenge when it comes to cyber security.

Phishing, ransomware and other scams

Unfortunately, one of the most common IT Security risks connected to working from home, are your own employees. Even if you have training in place for staff to educate them on cyber security risks, there’s a high probability that they will lose sight of that working from home. With the busy day-to-day tasks, IT Security falls down the list of priorities.

Threat actors are always adopting and improving the way they target their victims. During the pandemic, the number of scams, phishing emails and ransomware attacks have increased by multitudes.

According to Databasix, phishing emails have spiked in 2020 by more than 600% as threat actors capitalised on the uncertainty generated by the pandemic.

Phishing emails are designed in such a way that they trick many into either sharing sensitive information or downloading malware onto their devices.

The latter forms a threat for businesses, as this malware can find its way into your business networks. When this happens, the threat actors breach your data or use it to install ransomware. Whatever the threat actor choses, the financial and repetitional damage it generates will be detrimental to your business.

What you can do to mitigate the risks

Unfortunately, but there is no silver bullet to mitigate these risks completely. For starters, you are reliant on your employees’ awareness of cyber security risks and acting in compliance with your IT security policy, and with common sense.

Now that we’re entering the post-pandemic world and businesses are settling down a bit more, it’s a good time to review your IT Security and Remote working policies, BYOD policy with user agreement and approval process. Educate staff on the risks of using personal devices for MFA and instant messaging clients.

Although never popular, but regular e-training can help maintain the awareness of cyber security risks amongst your staff. Important for every employee, but in particular for remote working staff.

Training on its own isn’t sufficient. It should be combined with real tests, where your IT team will target employees with scams and phishing emails. The result of these tests highlight which IT Security risks are succeeding and thus where your staff requires additional training or tools to recognise them.

Improving your over cyber security solutions within the business. Pro-active security solutions that test your networks and domains continuously. Anything less leaves your business exposed and at risk of attacks by threat actors. Cyber security should not be considered a cost, but rather an investment. It protects your business, your data, your reputation and your operations.

How hackurity.io can help

We have developed a suite of fully automated cyber security solutions for businesses. These solutions include pen testing, anti-phishing and anti-malware & chaos engineering.

Our solutions are designed to work 24/7/365 to create round-the-clock pro-active security. Our pen testing solution can handle up to 10k deployment to production per day, creating a situation where we continuously test the robustness of your IT networks and infrastructure.

Phishing attacks are increasing in numbers every day. Our solution works pro-active by scanning the Dark web and matching potential malicious domain registrations to the SSL certification authorities’ intelligence. This way we can find and prevent phishing attacks before they’re executed. Our software can also trace the attack back to the source of the threat actors. Our pre-emptive model, allows our solutions to block and intercept phishing emails when they are sent, which prevents them of being delivered to the recipients within your business.

Our anti-malware and chaos engineering solution creates an exact replica of your IT system and network which is stored securely on your or our cloud. This replica will be scaled up or down depending on the load requirement. It guarantees you that, if you’d become victim of a malware attack, you can remain operational through the replica of your system.

We believe in pro-active and holistic cyber security to make businesses safe online through solutions that prevent cyber attacks.

To book a free consultation contact us: hello@hackurity.io


Blaak 520
3011TA Rotterdam
The Netherlands

A map marker icon.
The logo of Hackurity.io featuring cyan colored text with a camera in front of it.
© 2022 hackurity.io All Rights Reserved.