Millions of Americans have been working from home since late March and are likely to continue doing so well into next year.
While the threat from scammers targeting individuals has been quick to emerge, a new IBM study has found a host of security issues resulting from this new trend that pose risks to corporations and consumers’ personal information.
At the office, employees usually work on highly secure networks with robust safety protocols. At home, the IBM study found employees are using their home WiFi and are often completing work on personal laptops.
Businesses and employees were thrust into the work-at-home world suddenly, with little to no time for planning. The study authors found that most of the employees now working from home had little to no experience doing so before the pandemic closed their offices.
The study authors worry that cybercriminals will have a much easier time breaching an employee’s home security network than they would breaking into a corporate network. They point out that customer service agents who worked in closely managed call centers are now managing sensitive customer data at home.
"Organizations need to use a risk-based approach with work-from-home models, then reassess and build from the ground up," said IBM’s Charles Henderson. "Working from home is going to be a long-lasting reality within many organizations, and the security assumptions we once relied on in our traditional offices may not be enough as our workforce transitions to new, less controlled surroundings."
Henderson says businesses need to be playing catch-up. IBM found that most employees now working from home are confident in their company's ability to keep personally identifiable information secure in this new environment. But 52 percent said they are using personal laptops to work at home, and 45 percent said they haven’t received any specific training.
The study contains a virtual catalog of additional policy lapses that could expose business and consumer data. Specifically, the study found that:
More than half of employees have not been provided with new guidelines on how to handle highly regulated data while working from home;
More than 50 percent of respondents don't know of any new company policies related to customer data handling, password management, and other sensitive information;
More than 50 percent of new work from home employees are using their own personal computers for business use, but 61 percent say their employer hasn't provided tools to properly secure those devices; and
Sixty-six percent of employees have not been provided with new password management guidelines, which could be why 35 percent are still reusing passwords for business accounts.
While there have been no major data breaches reported since employees began working from home, the current trends are not encouraging. A recent analysis by researchers at cybersecurity company Tessian found just over half of home-bound employees are engaging in riskier behavior, such as using email to share sensitive files instead of more secure means of communication.