WFH Rules Ramp Up Phishing and Insider Risks

Mass home working has exposed US organizations to a greater risk of cyber-attacks and put greater pressure on security teams, a majority of IT leaders believe.

A Cybersecurity vendor polled 250 IT leaders and 2000 workers to compile its Securing the Future of Hybrid Working report. It comes just days after the government backtracked on previous advice by urging those who could work from home (WFH) to do so and help stop the spread of COVID-19.

The report found that a majority of IT leaders believe their organization is at greater risk of phishing attacks (82%) and insider threats (78%) due to WFH orders.

The reasoning behind this is clear: most (57%) employees under lockdown are more reliant on email as a primary communication channel with colleagues, and phishing was the leading cause of cyber-attacks between March and July 2020.

In fact, it accounted for half of all incidents recorded during that time, with 30% of IT leaders reporting a rise in ransomware attacks delivered by phishing, while nearly a quarter (24%) reported an increase in vishing compared to the previous five months.

BYOD presents a persistent risk in this context: 78% of remote workers using personal devices during the period received phishing emails in their work or personal inbox, and a worrying 68% said they clicked through or opened an attachment in unsolicited mail.

There are also concerns about remote workers logging-on to public Wi-Fi when out-and-about. Over half (53%) of IT leaders are worried about the associated security risks, and they are right to: 58% of employees said they’ve either considered connecting to public Wi-Fi or have already done so.

Partly as a result of this behavior, and other factors like limited budgets and distributed working, most (85%) IT leaders believe COVID-19 has put greater pressure on their teams, and 34% are worried they will be too stretched to cope with the increase in threats.

To help mitigate these WFH risks, 43% of respondents claimed they are looking to upgrade BYOD policies and 58% will introduce more staff training.

“Business leaders must understand the strain that remote working puts on IT teams and address the risks people are exposed to,

“Legacy security protocols are no longer equipped to protect distributed workforces and provide visibility into the behaviors of employees who rely on personal devices, risky channels like email and public Wi-Fi to get their jobs done.”