But perhaps the strangest thing of all, is that many SMEs still haven’t grasped the security implications of home working.  They have this belief that because they are working to a cloud environment, all is well and secure.  I only wish it were.  Now I’m not decrying cloud environments, quite the contrary, there are many reasons why all sizes of business should be going down this route, but it does come with its own set of issues.

Businesses of all sizes have been forced to transform their operations to support remote work and by and large have done well, but not without many challenges—including video conferencing burn out, (along with wishing they’d taken out shares in Zoom!!), and a yearning to actually work together in person again, someday.  We all realise that group working, face to face, is often necessary not just for efficiency, but because we are social animals.  Experience has taught many businesses many things, but strangely, to my mind at least, many have simply not grasped the potentially dire consequences in terms of Cyber security and data protection.

A distributed work environment i.e., personnel spread around various locations home working, creates critical challenges and new security threats as a result.  The speed with which this has happened has meant that many simply did not take this into account and if they did, thought, well, this is temporary and it won’t matter in the long run.  Well perhaps, but as many are now finding, there have been advantages to home working, not least a lowering of costs in terms of how much office space is actually needed to carry out the business function.  Many are now looking at Hybrid working i.e., from home with a day or two in the office during the week.  There are pros and cons to this outside of the scope of this article, and businesses will have to make their own judgements, but one thing is clear and that is that businesses need to understand the risks now inherent in distributed work, and need to get better are cyber security and data protection, in those environments.

Work-from-home employees are at much greater risk than those in offices. Since home connections are less secure, cybercriminals have an easier entry into the company network.  Furthermore, the explosion of various online tools, solutions, and services for collaboration and productivity tend to have the bare minimum of security default setting, and updates from third-party vendors can change security preferences and be easily overlooked.

Phishing becomes an even greater threat to home workers simply because, in an office environment, they have access to colleagues and managers, who they can approach for advice and guidance.  This is much harder to replicate with remote workers, especially those who may not be particularly tech savvy and who may not wish to become ‘burdensome’ to their co-workers.

Ransomware also enjoys an advantage in the work-from-home model.  If their connection to the company is blocked, it is more difficult for workers to get assistance from the right experts and authorities.  And since trust levels are lower when working from home, some workers will be concerned that they have “done something wrong” and so may be more reluctant to seek help. While this risk can be addressed by increased training, as well as messaging that vigilance and involving corporate IT will be rewarded, it can still be an uphill battle.

I have long been saying that Cyber Awareness training for managers and staff is no longer a ‘nice to have’ and is now very much a necessity.  In fact, it is arguably the biggest quick win, giving the greatest potential return on investment that there is.  Of course, this means that companies have to understand what their threats, vulnerabilities and risks are, in order to assess exactly what training is going to be the most effective.