Working from home: what about the security risk?

• There are recurring  worries around ‘work from home’ and security 
• Should they be tagged as ‘Reasons to discourage working from home’? 
• Or viewed as an opportunity to provide corporates with secure remote working solutions?

To get a view on what its customers were thinking, AT&T recently undertook some customer executive research across the Asia-Pacific area to find out how vulnerable companies feel now that they’ve actually initiated home working in response to the pandemic.   AT&T  commissioned research across three major markets in Asia Pacific and the results show that 64 per cent  of the companies surveyed believe they are more vulnerable to cyberattacks as a result of remote working arrangements brought on by the COVID-19 pandemic.  

Of the 500 IT decision-makers included in the study from Hong Kong, Australia and Singapore, 90 per cent currently have employees working from home.  While overall preparedness for remote working was high across the region the responders also  identified several areas of concern including WiFi networks, cloud storage, email and new technologies such as 5G and IoT. But it was remote devices that appeared to be the most problematic.

Many home or remote workers are using personal devices or company-issued devices for both work and personal use. More than one-third are accessing the web and business applications via private WiFi networks. With the rush to implement remote working, over one third of users are accessing corporate networks from devices not managed by the company. No surprises there perhaps. 

The solutions included employee training, cybersecurity monitoring and support from external security providers. It suggests these  are key to reducing vulnerability to cyberattacks. To improve awareness and understanding of the risks 51 per cent of respondents said companies should encourage staff to care more about cybersecurity by sharing information about the nature and frequency of attacks, as well the business consequences. And about half said more training was needed  

There is another possible  corporate approach: Guilt tripping. One headline on this subject favoured the line: “Remote workers are putting our businesses under increased threat of attack”.

Of course, if you let your employees know that you might be sceptical of their motivations for working from home and that you are also worried about security, then you might dissuade them from requesting remote working in the first place. 

But it should be mentioned here that the UK government tried ‘the ‘work from home discouragement’ routine on a national scale and caused a Covid spike. So it’s probably not a great idea. A more positive approach might be  to accept that more home and remote working is an inevitable, and probably positive, trend and try to mitigate the security risks that go with it. 

The most obvious response is to seek support from specialist external security providers. AT&T says this option is expected to increase in popularity next year, which brings us to the digital service provider opportunity. According to Tom Rebbeck, a partner at Analysys Mason consultancy, “When you look at all the big companies looking to change their work policies, then it’s pretty clear this is a long term trend and here to stay.”

He definitely thinks there is a role for telcos or Digital Service Providers to step in with secure remote solutions and training. “There are already a bunch of remote working solutions available which more or less get away from the ‘send all the data back to the office before forwarding it to the cloud’  approach. The new way is to get the data into the cloud through a gateway and then have it forwarded to the right place,” he says.