Working at home is dangerous. In the fifth corona wave with the Omikron variant, almost every fourth employee (23 percent) works exclusively in the home office or on the go. Another 21 percent state that they alternate between working from home and in the office. This was the result of a Forsa survey commissioned by the TÜV Association among 1,507 employees, which was carried out from January 18 to 23, 2022.
“The mass work in the home office has increased the risk of cyber attacks,” said Dr. Dirk Stenkamp, President of the TÜV Association, on the occasion of Safer Internet Day. “There is often a lack of training, clear rules of conduct in the event of an IT attack or the necessary technical equipment.” According to the survey, 14 percent of employees report that their employer has had one or more IT security incidents in the past two years is.
As a rule, these are successful phishing attacks or targeted attacks with blackmail software (ransomware). 41 percent of the employees surveyed state that there are no guidelines from their employer or that they are not aware of any rules on how to behave in the event of an IT security incident. “In successful IT attacks, time is a crucial factor in being able to contain the damage as quickly as possible,” emphasized Stenkamp. Successful or even suspected attacks would have to be reported immediately and the affected device would have to be disconnected from the Internet as a precaution before further damage could occur.
According to the results of the survey, only 38 percent of the respondents who work from home have taken part in training on the subject of remote working. 85 percent of the participants named the detection of cyber attacks as the most important content of the training, 84 percent compliance with data protection when working remotely and 81 percent the correct behavior in the event of IT security incidents. But topics such as ergonomics at the workplace (61 percent) or the use of applications such as video conferencing systems were also dealt with (54 percent). “Working from home presents employers and employees with technical, organizational and work-psychological challenges,” said Stenkamp. “Regular training courses are an important means of reducing stress in the home office and enabling safe and efficient work.”
In the survey, almost three out of four respondents (74 percent) stated that their employer had certain rules for working from home on the subject of IT security. Of these, 74 percent state that they should regularly install software updates, 64 percent are not allowed to use private USB sticks and 56 percent have rules or a ban on the private use of devices and applications. 48 percent are not allowed to use private cloud services with their employer’s computer, and 39 percent have regulations or even a ban on using public WiFi networks. Only 8 percent of those working from home have to follow the guidelines for configuring their home router. Stenkamp: “Every fourth employee works in the home office without any requirements from the employer regarding IT security. This makes companies and other employers an easy target for cybercriminals.”
69 percent of home office employees name the use of a so-called as the most important security measure-Clients to be able to establish a secure connection to the employer’s network. 21 percent use Internet browser-based encryption. 31 percent name additional security measures such as password protection, virus scanners or firewalls. The TÜV Association provides information on how employees can improve digital security in the home office:
- Separating work and private life: Anyone who surfs the Internet privately with their employer’s computer can catch dangerous malware in this way. In addition to the exclusive use of the employer’s devices for professional purposes, it can make sense to set up your own WLAN network for work and to prevent the devices from communicating with each other in the home network.
- Recognizing and deleting phishing emails: You should always be careful with all emails from unknown senders. Phishing e-mails contain links to dangerous websites with the aim of “fishing” for the user’s access data. In addition, cybercriminals are sending masses of spam emails with attachments containing malware. Therefore, the file attachments and, if possible, the e-mails themselves must not be opened. Suspicious emails should be deleted or forwarded to the employer’s IT support first.
- Social engineering as a danger: particularly resourceful cybercriminals target organizations by contacting employees personally and using email addresses that are deceptively real. All employees should keep this in mind and check whether the senders are serious.
- Carry out all software updates: Both in the office and in the home office, employees should carry out software updates as quickly as possible. In many cases, the updates close security gaps or install additional security features.
- Identify participants in online meetings: In larger online meetings with Zoom, Teams or other video conferencing tools, the participants quickly lose track of who is present. The organizers of the meeting should take care to personally identify all participants – either by name, by camera or with a round of introductions. This is especially necessary when sensitive information is shared in a meeting.
- Contact IT support: Employees should follow the instructions of the employer and IT support and not use their own software applications. If employees are dependent on tools that are not supported by their employer, they should still contact their IT support and discuss what is allowed and what is not. In the event of a security incident, employees should not hesitate and contact the IT department immediately.