The New Normal – Not So Secure

Facebook says that 50% of its employees could be working remotely in 5 years.

My guess is that this could be the new normal, which is not so good if you own a lot of expensive commercial real estate in a big downtown.

Zuck also says that employees who move from, say, San Francisco or New York and work remotely from Kansas may have their pay “adjusted”. Likely downward, which is another motivation for companies: lower payroll, which means lower payroll taxes, and less rent.

I think that is going to be the new normal. Companies have figured out over the last 3 months that people can be productive without sitting in a cube. In some cases, more productive. And, if you remove the distractions of kids at home and the economy in the toilet, they might be a lot more productive.

Which brings me to today’s story.

IBM released a study on work from home security. IBM is not some fly-by-night company. Sure, everyone can be wrong sometimes, but this report aligns with a lot of other information I have seen. Here are some of the details.

  • Over half of the people they asked are unaware or unsure of any company security policies in the following areas, with slightly lower percentages for other policies:
    • Mobile device management (53%)
    • Password managers (51%)
    • Collaboration tools (52%)
  • 45% said that their employer had not provided any special training on protecting the security of devices while working from home
  • 93% said they are confident in their company’s ability to keep information secure, even though 52% are using their personal computers for work, often with no new security tools.
  • More than 50% of new work-from-home employees are using their home computers for work, but 61% said that their employer had not given them any tools to secure those devices.

So what does this mean?

It means asking a question: if some percentage of employees will be permanently working from home, what do you need to do regarding security?

We already know that hackers are taking advantage of the current situation. If that remains “profitable” (which means money or information), they will continue.

Attacks that go after money, such as business email compromise, spear phishing and whale phishing, will likely be detected soon after the attack is launched.

Attacks which only seek to stay inside your system undetected, well, those will work hard to remain undetected. The longest such attack I am familiar with remained undetected for 12 years. The company eventually filed for bankruptcy and was sold for spare change.

So, as managers, it is your call. Do you beef up your security program? Or, do you collect spare change?

Your choice.

Credit: Help Net Security