The corona virus and the associated measures have had a great impact on office life. Because of the virus, a lot of work suddenly had to be done from home. This changing situation entailed several risks. Changing circumstances mean changing risks. To undermine these risks, it is important to pay additional attention to information security during this time.
In the past year, several risks have been identified or increased by the corona crisis. To manage these risks, measures had to be deployed. You can read about the risks and measures for information security in home office situations below.
Overload or failure of the company network
During the corona crisis, many people are forced to work from home. This makes many employees more dependent on the network connection to the office than before. To be able to do their work properly, this connection is crucial. In addition, the company network is strained more, increasing the chances of complications.
Measures: To prevent network congestion, provide the necessary (network) capacity to serve the larger number of employees working from home. Be prepared for this especially at peak moments. Consider both the IT infrastructure and the telecom infrastructure.
Shadow IT and personal devices
Employees are more inclined to use shadow IT, systems and applications out of sight of the employer when working from home than when working from the office. Shadow IT creates risks with regard to the confidentiality and integrity of data because as an employer you have no grip on the security measures on these systems and applications. Is the software up to date? Is there an antimalware or antivirus program with a recent set present? Does it prevent the use of risky software on the system?
Measures: Create a clear up-to-date policy. The organization should make the rules around home use of hardware, software and any private IT facilities very explicit to its employees. To ensure that the policy is adhered to, tools such as Microsoft Intune can be used. This ensures that information can only be accessed on registered devices.
Cybercriminals are capitalizing on corona developments with phishing campaigns, causing employees to receive more and more phishing attacks like emails and text messages. One example is the rogue app 'COVID19 Tracker' that installs CovidLock ransomware on Android devices. When phishing is suspected, it should be reported to the responsible security officer.
Measures: Commit to raising awareness about information security among employees. You can think of attention to information security during meetings, intranet messages, e-learnings or game-based learning (GBL). Multifactor authentication also greatly prevents misuse of log-in data that has unexpectedly fallen into the wrong hands.
Family and housemates
Not only the employees, but also their family members or housemates work or follow education from home. Depending on the home situation and the facilities available to someone at home, the confidentiality of information (e.g. telephone calls and documents) may not be as well safeguarded as in the office. There is a greater risk of conversations being overheard or secret information being seen on computer screens.
Measures: You can only try to manage this risk as effectively as possible by creating awareness. Management should pay extra attention to the home working situation and should put extra effort into the aforementioned ways of creating awareness.
Other risks and measures
There is an increased risk of employee absenteeism due to the Coronavirus itself, but also due to the measures taken. Therefore, make sure that knowledge is sufficiently shared and that key people have a back-up. When an unencrypted connection is used, there is a risk that Internet services, intelligence and cybercriminals will obtain information about Internet activities. Especially when unknown Wi-Fi networks are used, a VPN is necessary. When an encrypted connection is used, this risk is controlled.