By: Reef Pearson, SecureTeam Correspondent
With hackers taking advantage of the vulnerabilities of a rushed and unprecedented shift to remote working cloud-based cybersecurity attacks increased by 630% when the pandemic hit. Despite how triggering this statistic is for businesses owner, the truth of the matter is that 66% of employers didn’t even offer antivirus software to their employees when they started working from home, and 44% didn’t provide any cybersecurity training whatsoever.
So when businesses haven’t been pulling their weight, how come there is so much responsibility being placed on staff to protect their company’s data when their employer isn’t taking the steps necessary to protect it themselves? With so many businesses eager for a full return to the office, the often misunderstood complexities of cybersecurity are an ideal scapegoat for employers desperate to see the end of remote working.
As human beings are integral to workplace success, staff welfare is a huge part of the cybersecurity and WFH debate that is currently being underrepresented. Remote working is proven to enhance the mental and physical wellbeing of working individuals without hindering productivity, which is exactly why staff need to be cautious of any employer wanting to sacrifice this under the pretense of ‘cybersecurity concerns’.
Why Wouldn’t Businesses Want Their Staff Working From Home?
Google recently made a statement declaring their motive for a shift back to office-working, claiming that it is essential to sustaining their company culture. However, with 45% of workers saying remote working has greatly benefited their overall wellbeing, surely this is evidence that the pros of working from home outweigh the sacrifice of what was once considered a good company culture.
For remote working to be a mutual success, trust is integral to the relationship between employers and their staff working from home. Naturally, there is going to be a loss of power over businesses that had an exceptionally watchful eye on their office-working staff, but it isn’t bold to say that this is likely to be for the better. According to the latest coronavirus and homeworking figures released from the Office of National Statistics, although one-third of employees completed fewer hours of work at home, an equal amount completed more, so there’s no actual evidence that employees work less from home despite employer paranoia.
The power dynamic of a business is compromised when employees are comfortable working at home and can escape intimidating people or situations easier, which is a threat to the hierarchy of a lot of companies and a relief for many workers. It is at this point that the line of business intent begins to become blurred, for example when businesses don’t have the notoriously good culture of Google, it is a lot more concrete to rely on cybersecurity reasoning as a mask for their true discomfort about their staff working from home. Staff members are a lot less likely to object to their employer telling them to come back into the office for security reasons compared to ‘culture’ reasoning, but businesses should not take advantage of that.
Why Would A Company Blame Their Staff For Cybersecurity Failures?
The evidence of increased cybersecurity and phishing attempts is concrete, however, it is unfair to say this increase is a result of the failures of remote working staff. The increase in phishing attacks is more indicative of scammers resorting to cybercrime as a result of them spending more time at home and having a new wave of vulnerabilities to exploit as a result of the rushed switch to remote working across the globe. In such unprecedented circumstances, this was to be expected. Although, the important difference is understanding that those vulnerabilities would have never existed in a situation where employers had sufficient time to plan and prepare for a secure transition to remote working.
The underlying issue here is that if employers are concerned about the security of their employees working from home then there’s plenty of precautions they can take, none of which require forcing employees back into the office based on cyber risks alone. Regardless of employer concerns, it is unfair to allude employees to believe that they are acting irresponsibly if they prefer to work from home.
How Can Businesses Prevent Cybersecurity Attacks?
If an employer is doing the most that they possibly can to protect their employees working from home then the cybersecurity risk of remote working should be no greater than in the office.
The primary precaution businesses can take for protecting staff (and themselves) is providing them with a company device that has remote access security controls installed, with two-factor authentication as a minimum. This isn’t an unreasonable request by any means, if businesses have the resources for staff in the office then they should be able to provide the same resources outside of the office. Certainly, if they’re expressing concerns over the risks of staff working from their personal devices then they need to be offering an alternative.
For businesses that have gone to the effort of providing business devices for their staff, they should go a step further and install a Remote Access VPN to ensure secure access to the company network. If installed correctly, it will make the remote working environment just as safe as the office.
As these measures are both effective and attainable, it makes it easy to spot when potential foul-play is occurring. For example, if a company is encouraging employees to use cloud-based software but then asking staff to resume full-time office work using the same software it would suggest their concerns go beyond cybersecurity as cloud-based technology poses the same risks regardless of where staff are working from.
Recognising Potential Coercion Attempts
The point of this discussion is not to invalidate the cybersecurity concerns of employers. The rise in cybersecurity attacks and threats are real, and it is of the utmost importance that businesses are vigilant, skeptical and take immediate action. However, unless a business is taking every precaution possible to ensure safe remote working for their workforce then they shouldn’t be telling happy and healthy remote workers to come into the office solely over cybersecurity concerns.
If employees’ mental and physical welfare is better when they have the ability to work from home then it is unfair to use cybersecurity as a scapegoat for a full return to the office, and if that’s what a business is doing then there is likely an alterer motive at play.