Employee Cyber Negligence
PICTURE THE SCENE. You are working at home in your study that sometimes also doubles as a bedroom, and has kids' toys in a box in the corner. You are working on an important report, but after the kids come home from school, the disruptions increase, distractions become inevitable, and the report takes a lower priority. You keep the door closed and tell the kids to entertain themselves, but you feel guilty for encouraging them to go on their iPads, which only perpetuates the cycle of screen time, plus in just a few minutes you know they’ll be back in the room annoying you again.
In some ways, after three years of a global pandemic, for many of us, this is a recurring scene that is playing out on a daily basis across much of the world. Working remotely has become the norm, and what was once a home study used occasionally to pay bills online or check emails or social media at home, has become an all but permanent makeshift office.
The benefits of working remotely for so many people cannot be understated. Many parents in particular love the idea of being close to their families, and many others appreciate not having a commute. In general, having greater flexibility has made many workers more motivated, and in a lot of cases, has made them at least as productive or even more productive than they were in the office.
However, as with all good things, there are some downsides too. Most notably, remote work has increased the incidence of cyberattacks. For workers who began to work at home only as a result of the pandemic, this is unsurprising. In most jurisdictions around the world, the decree to work remotely came suddenly and with very little preparation. Few companies were set up for it and thus the makeshift offices where so many of us now work, were arranged quickly, haphazardly, and with little forethought. That meant that for many people, the computers, the internet connections and the software they were using was their own, designed for personal rather than for business use, and therefore much more vulnerable and susceptible to cyber breaches. In fact, one report has found that between 2019 and 2022, working from home increased the cyberattack frequency by 238%, largely as a result of how home offices were set up when the pandemic first hit.
The biggest issue with remote work is security. Microsoft has reported that when staff first began working from home in early 2020, this ‘created new attack surfaces for cyber-criminals to take advantage of, such as home devices being used for business purposes’. Since then, IT and security experts have begun to think in new ways about protecting their employees without the benefit of physical closeness and confinement, and for the most part, it has worked. This is largely because ‘remote working in March 2020 is not the same as remote working in 2022… When we quarantined at home with no choice, our homes were not properly prepared to become offices. [Now] people have invested in quality equipment for their home offices’, and this has made a huge difference. Many businesses now have a hybrid setup, which allows their employees the flexibility to work at home or in the office, with the necessary hardware and protective software to support that.
However, whilst the environment may have changed, the chaos that has led to it and the fluctuations that are inherent within it, have heightened the concept of human error as another issue of the modern working environment. In 2019 (pre-pandemic) it was already an issue, and an American report released in that year found that 47% of all C-Suites (executive managers) and 31% of all small business owners reported that human error was the cause of their data breaches. In 2022, a report by a different agency but on a similar topic found that ‘employees are the weakest links in their own security and the easiest target for cyber criminals’. That report then went on to say that ‘82% of data breaches analyzed in the report in 2021 involved the human element’. The only way to combat this is to be more vigilant, to educate employees, and to pay more attention to the work, regardless of where it takes place.
Working from home has many benefits and rewards, but the last few years have shown that the vulnerabilities exposed by the move to remote work have also been attractive to cyber criminals. Moreover, the circumstances at home are not always ideal and this can lead to mistakes and greater data breaches initiated not by criminals, but inadvertently by the employees themselves. As the world settles down after three years of uncertainty and panic, now is the time to ensure that all offices – irrespective of where they are located – are safe, secure, and appropriate environments for getting work done.
- Cyber Security & Risk Management