Lack of security awareness when working from home: In a survey* by SoSafe, 9 out of 10 respondents said that the cyber security situation had deteriorated. 75 percent of those surveyed name mobile working as a reason for this - and not without good reason: because employees who work from home click on phishing e-mails almost three times as often (30%) as employees who are in the office.
According to SoSafe, a lack of communication in the home office, the use of your own technology as work equipment and unsecured work environments are among the greatest security risks of mobile working. While most companies are well aware of this, this is not always the case with the employees themselves - they often have a false sense of security when working from home. More and more employees are working from home, especially during winter and sickness. SoSafe therefore warns of the biggest risks of remote work and shares simple tips and solutions to mitigate them.
The biggest risks of mobile work
- Insufficiently protected work areas: More employees working from home also offer cybercriminals more targets. As a result, organizations need to secure more endpoints, networks, and software. For cybersecurity teams, this is a difficult situation to overlook. Because they cannot check all the technologies used in the home office. More than ever, the attention of every single employee at home is required to identify security gaps and react accordingly.
- Optimal conditions for social engineering and phishing: Mobile work also increases dependence on digital means of communication. Employees are getting used to the fact that they only receive business inquiries by email. This offers cybercriminals the ideal conditions to launch sophisticated phishing attacks – and they are successful, as more employees open or interact with phishing emails at home.
- Lack of communication with colleagues: High click rates in the home office can be explained, among other things, by a lack of direct communication with colleagues. After all, direct communication is necessary to verify information or required actions – or to stay up to date on all developments in the company.
- Need for new communication and collaboration tools: Since personal communication is significantly reduced, new communication and collaboration tools such as Slack or Zoom are used. These, in turn, provide new gateways for cybercriminals – not just for the attack itself, but also for intercepting information for their next social engineering attack. Voice cloning and deepfakes in particular are currently on the rise.
- Bring your own device: Many employees compensate for the lack of company devices in the home office by using their private laptops or smartphones for work purposes. The problem: The IT department cannot check these devices for irregularities. Nor can it ensure that the necessary technical defense systems are in place.
- Vulnerable employees due to uncertainty and constant change: New working conditions and an unpredictable environment tire employees - and thus make them more susceptible to cyber attacks, which constantly exploit this change for cause-related phishing. For example, employees care less about security guidelines, question content less often and are more likely to make mistakes.
While employees feel a false sense of security at home, cybercriminals take advantage of the special circumstances in the home office and use sophisticated attacks to gain access to company systems via the employees. At a time when workers are surrounded by ongoing uncertainty and under increasing pressure, they are also massively more vulnerable to cyberattacks. Companies should therefore make their employees aware of the security risks in the home office. This way they know about threats and can react accordingly.
background of the survey
Data from SoSafe's Human Risk Review 2022, based on exclusive response data from the SoSafe Awareness Platform, which anonymously evaluated over 2021 million simulated phishing attacks from 4,3 client organizations in 1.500 and analyzed the likelihood of success of various attack tactics.
More at SoSafe-Awareness.comAbout SoSafe