Create an ArticleUser Guide

How Working From Home Is Being Exploited

Jun 24, 2021

iCrowdMarketing powered by iCrowdNewswire

hackingMenara Grafis/Shutterstock.com


The cybersecurity risks of remote work are an unfortunate reality in today’s business world. We can safely generalize when it comes to the ‘business world’ simply because cybercrime truly can breach every unprotected crevice no matter the level of system security involved, at present. Also, there is solid evidence substantiated by high-profile cybercrime incidents that no system is bulletproof (at least not yet with the current slate of technological offerings). Cybercrime is an egregious reality that engenders an entire gamut of risks and threats to any business, any organization, as well as any institution out there regardless of whether this relates to an SMB or large organization -the consequences of an attack are almost always equally as damaging. According to McKinsey (global management consulting firm), the salient topic of the threats to remote work facilitated by the pandemic has resulted in the stark contrast between what the global workforce used to do, and what it is doing after the pandemic. Namely, approximately a third of the global workforce is working remotely now in 2021 -a drastic and historic turnaround in how business is conducted and orchestrated worldwide. McKinsey has elucidated on this exact notion, in that “The Virus has broken through cultural and technological barriers that prevented remote work in the past, setting in motion a structural shift in where work takes place, at least for some people.” Furthermore, to venture even deeper into the former: “More than 20 percent of the workforce could work remotely three to five days a week as effectively as they could if working from an office. If remote work took hold at that level, that would mean three to four times as many people working from home than before the pandemic and would have a profound impact on urban economies, transportation, and consumer spending, among other things.”


Remote work, working from home (also abbreviated as WFH), working from anywhere (abbreviated as WFA) are all essentially identical -only in that the venue where work is conducted changes. It is estimated that, as a result of remote work during the period of March 2020 - September 2020, the removal of commuting contributed to 62.4 million hours in savings per day in the sample and 9 billion hours of aggregate time savings were noted as well. It isn’t only time savings, overall a remote workforce was found to be more content, better paid, and more productive as well (beneficial for the environment as a bonus too). There are myriad benefits to be reaped by everyone due to the switch to remote work, however, what is going on beyond the walls of the seemingly green and sunny pastures of wonderful remote work? Namely, this is cybercrime. Given the current scenario since global closure and remote work shifts since 2019, cyber attacks have never been as rampant. Cybercriminals (organized hackers and groups) are exploiting an always-online workforce combined with unprepared and sloppy security measures. The tenuous results of this combination mean that infinite amounts of financial accounts and other sensitive data are vulnerable to cybercrime. According to statistics, over 80% of business leaders are adamant in their beliefs that their organization (s) are safe from cybercrime, and that they have adequate cybersecurity in place. This is mainly due to an incorrect viewpoint that smaller businesses especially are not the targets of cybercrime -a grave mistake on the part of the industry. To consolidate this point even further, statistics prove that the opposite is true. Over 40% of online attacks are indeed conducted on smaller organizations with 500 or fewer employees -due to less resistance, this is more productive for cybercriminals. Aside from external cybercrime attacks on a business, internal threats also need to be addressed which can mean employee cybersecurity threats.



What is Remote Work Exactly?


Remote work as defined by Cambridge online dictionary is “the practice of an employee working at their home, or in some other place that is not an organization's usual place of business.” Remote work is also sometimes referred to as ‘telework’ with a few distinctions between the two, “In practice, "telework" is a work arrangement that allows an employee to perform work, during any part of regular, paid hours, at an approved alternative worksite (e.g., home, telework center). This definition of telework includes what is generally referred to as remote work but does not include any part of work done while on official travel or mobile work.” Remote work is also sometimes abbreviated as WFH and WFA.



Real-World Examples of Remote Work Threats


The average cyber attack can not only disrupt a business’s data but also; have severe repercussions on business integrity and brand reputation. Some real-world examples of remote work incidents include;




  • Last year, malware attacks targeted at NASA rose exponentially which meant doubling of phishing attempts, system malware attacks, and tricked employees clicking on malicious links and messages

  • A recent Guardian article on ransomware and remote work incidents stated the following: “The transition that we’re seeing to working from home has contributed dramatically to the rise in successful ransomware attacks,” said Israel Barak, the chief information security officer at the security firm Cybereason. “There are a lot more open doors to access networks now that employees are working remotely.”

  • The Colonial Pipeline that supplies over 40% of the easter United States’ fuel was breached due to the breach of an employee virtual private network (VPN)

  • Russian ransomware groups appeared targeting remote workers to access government and corporate networks

  • Twitter has also been the victim of a ransomware remote working attack, once again cybercriminals masqueraded as legitimate technical consultant thereby exploiting naive employees into allowing access to company networks


These real-world examples exemplify the true scope of remote-work-related cybercrime and just how popular remote work is as an attack surface in the cybercriminal milieu today. We also see just how quickly a cyber attack can move from the digital realm and become a cyber-physical attack.



Mitigating Remote Work Risks With Good Cybersecurity Hygiene


We have seen that remote work can lead to some very dire consequences. The question is then, how can such risks, threats, and thus incidents be mitigated -if at all? The good news is that, yes, there certainly are ways to mitigate any remote work-related vulnerabilities on any system that will if anything, guarantee an exponentially safer future for any business and as a result make the work of cybercriminals quite difficult -which should be sufficient to dissuade them from orchestrating attacks. Below is a list of cybersecurity measures to mitigate a large portion of typical remote work-related vulnerabilities for any organizational structure;




  • Using a premium or enterprise-level VPN on all devices at all times

  • Using maximum caution with password complexity

  • Using enterprise-approved cloud services

  • Keeping systems up-to-date, patched, and monitored

  • Revoking system access from ex-employees immediately

  • Tightening security controls, access, and privileges on every network layer

  • Ensuring tight cybersecurity if employees are using their personal devices

  • Fundamental cybersecurity best practices such as avoiding sharing sensitive data

Tags: English