Working from home exposes cyber security flaws

Apr 17 2020 by Nicola Hunt Print This Article

Furloughed British employees, currently working from home are not being adequately supported when it comes to cyber security and other vulnerabilities of WFHDs (Working from Home Devices), according to new research from Gauntlet Risk Management.

Key findings include:

14% of interviewees said they, or a family member, is now working from home, with access to their work computer systems but without having had any check carried out by their employer to assess whether they have any anti-virus software or other cyber security measures.

Four-in-five interviewees (80%) stated that their place of work has no cyber risk policy or procedures in place in general, even before lockdown and nearly one in ten (9%) said the password to access the company wifi was common knowledge, prior to social distancing.

More than one-in-twenty (6%) in general and 14% of those from London said they regularly take part in video conferencing but never use a password to enter the virtual meeting. Another 4% (8% in London) said they do use a password but it is the same one every time.

And despite all of the publicity that has accompanied the growth of cybercrime, only 55% of interviewees know what a malware link is. One third (33%) did not know what phishing is and only 22% had heard of social engineering.

Flexible working practices and Bring Your Own Devices (BYOD) practices were under the microscope prior to social distancing being introduced. Experts warned that all BYOD laptops, phones and tablets needed to be vetted and have patch, configuration and AV checks, before being allowed to connect to company systems.

Just one unsecured device can compromise an entire network and lead to data loss or criminal theft. Businesses are now trusting, rather than checking, that employees have strong passwords, up-to-date software, virus protection and honest family, friends and associates.

Gauntlet Risk Management’s sales director, Andy Parkin, says: “The survey confirmed much of what we already felt would be the case in relation to cyber security in lockdown - that it is woefully inadequate and that employers have not been prepared, because in four out of five cases, they had no cyber security policy in place as their framework.”

“Many workplaces were already exposing themselves through not having procedures to govern private devices used in conjunction with company systems. Now that hole in security has widened, as we have WFHDs linking into employers’ systems, on a major scale.

Gauntlet have a Cyber & Data Insurance Guide that can be downloaded here.