There is no denying that working from home comes with a multitude of advantages: you save on commute costs, can have more control over your daily schedule, and can often be less formal – how many of us have taken a call from the comfort of our couch? The rise of remote and hybrid working has also caused the boundaries between home and work to blur, and while this comes with a number of benefits, it can pose significant challenges for cybersecurity: after all, the plethora of potential threats does not distinguish between the comfort of your home and a secure office.
Whether employees are in the office, at home, or moving between both, the risk of cyberattacks remains high, and so the importance of maintaining robust cybersecurity measures across all environments is paramount—especially as the statistics show a significant rise in cyber incidents.
Cybersecurity In The Office Versus At Home
Traditionally, the office seems, and has often been considered, a far more secure space than the home: your office will have the money to invest in robust firewalls and cybersecurity protocols, including impenetrable networks and strict procedures. By contrast, employees working from home are often working from personal devices, and are unlikely to have industry-level protection to help prevent cyberattacks. This disparity increases the risk of cyberattacks significantly when working from home.
A study found that 26% of medium-sized businesses and 37% of large businesses experienced cybercrime in 2023, often while employees were working remotely. In addition, just over half – 53% – of cyber breaches in the UK were found to be malicious in nature. The financial costs can be substantial – on average, a data breach in the UK cost £3.9 million in 2021, rising to £4.67 million in 2022, and this number continues to rise.
In many cases, these breaches can occur when cybercriminals exploit weaker security at home, which can have a ripple effect, compromising entire corporate networks.
The Role of Phishing and Ransomware in Home Working Attacks
Phishing remains one of the most commonly favoured methods used by cybercriminals when it comes to breaches and obtaining information – and this can occur whether working at home, or in the office. Approximately 6.4% of UK internet users reported trying to open phishing links in 2021, and the threat has evolved in recent years, especially with the rise of sophisticated ransomware attacks.
Ransomware, in particular, has become a significant concern for businesses, and remote workers are especially vulnerable due to elements such as weak passwords, insecure Wi-Fi connections, and personal devices. Phishing emails with malicious attachments or links can quickly lead to ransomware infections, locking employees out of critical systems until a ransom is paid. As remote work continues to be part of modern working life, addressing these security gaps becomes increasingly crucial.
The Risks of Home Wi-Fi and Personal Devices
The home environment presents a number of cybersecurity challenges, and the two main issues to be aware of are unsecured Wi-Fi networks and the use of personal devices for work. Unlike corporate networks, which are protected by firewalls and IT monitoring, many home routers are left with default passwords or outdated firmware, making them an easy target for hackers. In some cases, businesses will work hard to invest in robust cybersecurity measures, but a weak home network can undo all of this hard work.
The use of personal devices such as laptops, phones, or home printers can increase risk, as these devices will usually lack robust encryption, and tend not to be equipped with the same strict cybersecurity measures as corporate hardware. This opens up further vulnerabilities, where malware or ransomware can be introduced into corporate networks through unprotected personal devices.
The Human Element
One of the most common causes of cyber breaches is human error. Employees are often unaware of the risks associated with clicking on phishing links or using weak passwords. In fact, weak or reused passwords were responsible for a significant portion of remote work-related breaches. In addition, the UK government found that while 32% of businesses experienced some form of cyberattack in 2023, a lack of cybersecurity awareness among employees was a recurring factor.
Training employees to recognise phishing attempts, secure their home networks, and use strong, unique passwords is essential. Employers must bridge the gap between corporate IT teams and the wider workforce by enforcing regular cybersecurity training and ensuring that workers follow the same security protocols at home as they do in the office.
What Can Companies Do?
Companies need to adopt a multi-layered approach to cybersecurity, one that does not rely solely on corporate infrastructure but extends to employees’ home offices. There are a number of steps that businesses can take, and these include:
Encryption
All data that could be deemed sensitive must be encrypted – and this is particularly important when considering file sharing, which is essential for home workers, and a potential weak spot for cybercriminals.
Virtual Private Networks (VPNs)
Virtual Private Networks (VPNs) are a key source of protection, and should be mandatory for all employees accessing their company's systems remotely. This can help to add an additional layer of security when workers are using their weaker, less protected home networks.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) can help to reduce the risk of compromised credentials, and has proven highly effective in mitigating the risks posed by weak or stolen passwords.
Regular Updates
It is important to ensure that both business and personal devices are updated with the latest software and security patches – outdated software is one of the most common entry points for would-be attackers.
Incident Response Plan
It is imperative that businesses have a strong, formal incident response plan to refer to in the event of an incident. Despite the potential risks of not having a plan in place, research shows that just 21% of all businesses have an adequate incident response plan to rely on. It is also important that these plans include steps that cover remote workers, and ensure that your remote and hybrid team members know how to respond to an attack quickly and effectively.
A Universal Threat
Whether you are working at home or in the office, cyber threats are universal. Cybersecurity does not differentiate based on location, and neither should businesses. The blending of work and home environments makes it crucial for organisations to adopt a holistic approach to cybersecurity, covering all potential points of entry.
Businesses must be proactive, investing in both technology and employee education to ensure that remote work does not become the Achilles heel of their security strategy. Given the cost of breaches and the prevalence of cybercrime, the question is not whether to invest in cybersecurity—but how much to invest.
By treating home offices with the same level of security scrutiny as corporate offices, businesses can mitigate the risks posed by remote working and ensure the safety of their data and networks in an increasingly hybrid world.