The Real Threat of Working From Home


“The pandemic presented a unique opportunity to malicious actors, the protection provided by the corporate network and their firewalls had been smashed.

Moving from the office has not only seen the volume and frequency of cybercrime increase but the scope for cyber-attacks and data fraud widen.”

By Richard Gardner, CEO

Original article published Open Access Government

Remember when people packed onto trains or sat bumper to bumper in traffic to get to the office.

Every day.

As Coronavirus hit hard, there had to be a fundamental change and by April 2020 nearly half of us were working from home. It’s now estimated that by 2025, 70% of the workforce will be working remotely.

2020: The year of working from home

Remote working was once a luxury but faced with a mandate UK business had to make it work. Modern IT stepped in and enabled many companies to stand up solutions overnight.

Credit to the networks that largely accepted the additional load on home broadband and to companies like Microsoft, Google and Zoom who never seemed to miss a beat when it came to video conferencing.

Working from home challenges

Remote working saved the day for many businesses but brought with it a number of new challenges.

  • Broadband – Who hasn’t had to apologise for connection issues? Our WiFi speed and performance can make or break our day. If everyone in your street is now consuming the bandwidth and you need to stay connected it can be challenging.
  • Ergonomics – Do you have a desk to work at? Are you sitting correctly? Is your screen big enough? Ensuring your set up is correct is crucial for your health and safety and yes, research shows that you are far more productive with a bigger screen.
  • Costs – The relocation to your home shouldn’t come at your own expense. Did you know you can get £6 a week tax relief additional costs like heating, broadband, a new computer or laptop?
  • Security – Cybercrime in the UK rose 31% in just two months during the height of the pandemic.

The pandemic presented a unique opportunity to malicious actors, the protection provided by the corporate network and their firewalls had been smashed.

Moving from the office has not only seen the volume and frequency of cybercrime increase but the scope for cyber-attacks and data fraud widen.

We are now regularly seeing:

  • Phishing emails (where a user is tricked into clicking a link in an email and sharing information that can be used maliciously)
  • Malicious key logging (where spyware is installed onto a user’s laptop and passwords and personal financial information is captured and used for malicious purposes)
  • Data fraud (where employees who have been made redundant whilst working from home have kept corporate data)
  • Data leakage (where employees share and collaborate documents leaving data in an external destination).

All these types of attack rely heavily on employees sticking to best practice, another challenge in itself.

Many people use their own devices for work which lack the inbuilt security protocols like those in the office and it’s this that paves the way for an increased risk of attack.

Companies need to have a stringent Bring Your Own Device (BYOD) policy in place, ensuring employees understand and adhere to the boundaries and policies required, especially when sharing personal devices loaded with corporate applications and data with the rest of the family.

A BYOD policy should mandate:

  • A reliable and robust anti-virus installed on laptops to check for latest viruses and spyware, and ransomware.
  • A secure personal home router, with a unique password that has not been shared, with separated access for guests.
  • A Secure VPN used to extend the corporate network and secure communication between home and office.
  • The firewall is enabled on your PC or laptop whether its Windows or Mac.

How to minimise the cybercrime risk

There are many security practices a company can put in place to ensure your network and data is secure. The risk may be increasing but the detection method is hot on its heels.

Anti-phishing services will detect a phishing email and with artificial intelligence, learn from it and block future attacks. It enables users to report a suspicious email from their inbox and it will also run tests on users to ensure they’re educated in a safe environment about phishing.

Dark web scanning will enable a service that scans the dark web for data that may have escaped from your business and is being shared.

Document rights management (DRM) controls access to encrypted documents based on the user’s identity.

Multi-factor authentication demands at least two items of identity, like a password and link to your phone, to confirm who you are for access.

Next generation identity and access management (IAM) allows increased flexibility for users.

‘Zero Trust’ security policy requires verification from everyone before accessing data irrespective of role.

Going the extra mile

A robust cyber security system will significantly reduce your risk of attack but what if a highly intelligent cyber threat still gets through?

With cyber attacks costing the UK an eye-watering £34bn, it’s fair to say a breach could cost you heavy so it’s worth investing in cyber insurance. Your business should also have a disaster recovery plan in place, with clear guidance.

Need some help with your IT security?

The increased risk of cybercrime, the evolving technology and what you should choose to protect your business may feel overwhelming.

IT Naturally places strong importance on ensuring the correct cyber security protections are in place through our managed infrastructure services.

Talk to us if you need help with where to focus your efforts when it comes to cyber security and we can answer any of your questions.

Do I have an adequate budget to make it worthwhile?

My organisation is small do I need to worry about cybercrime?

We put an IAM system in place years ago, does it need to be upgraded?

Our Cyber Resilience services include:

  • Security Incident Event Management (SIEM)
  • Advanced mail security
  • Antivirus
  • Digital Risk Protection
  • M365 Security
  • Active Directory security
  • Security Operation Centre (SOC)
  • Penetration Testing


Contact Us