Working from Home (#WFH) and IT Security in Times of COVID-19: New Risks and Challenges

COVID-19 Measures Increase Remote Work

The current battle against the rapid spread of the coronavirus challenges governments on an unprecedented scale. They need to find ways of containing the spread of the virus under an enormous time pressure. Simultaneously, they face the challenge of striking an appropriate balance between effective restrictive measures and respecting populations’ fundamental rights.  As part of new regulations to “flatten the curve” of infections, numerous states have asked people to stay at home and isolate themselves socially. In many cases, people have no choice but to work from home. This increase in remote work poses significant IT security risks.

Similar to the case where users who voluntarily provide their personal data to companies in connection with commercial offers often are not aware of the risks involved, it is likely that many employees – and even their employers – are not aware of the privacy and security risks involved in working from their own living rooms.  Even before the corona crisis, there has been a work-from-home trend in various professional areas. But as the impact of the virus grows, large numbers of companies and institutions that lack an infrastructure for remote work now require their employees to fully operate from home. Often, both companies and employees are not prepared for such a change in their work structure.

More Work-from-Home Entails More IT Security Risks

More employees are now working in their personal spaces, and more often, they are using for work purposes their personal devices, such as computers and smartphones. This causes a mixed usage of personal and professional equipment, software, data and online activity. Since personal devices are less likely to be equipped with professional protective software, employees and their companies become more vulnerable to hackers. As the coronavirus crisis worsens, hacking incidents are increasing, security experts say. Since January of this year, they have seen a 15% to 20% increase each month in overall hacking incidents. Furthermore, hacking threats have started to use terms like “coronavirus” or “COVID-19” to trick users into handing over sensitive information or installing malicious software. This can cause the unwanted disclosure of sensitive personal data as well as companies’ confidential information.

How To Reduce IT Security Risks in WFH Environments?

When it comes to minimising these IT security risks, employers should be advised to provide behaviour guidelines to their teams, including information about new risks and advice on relevant software updates. Companies can adopt specific policies for remote work that offer technical and organizational guidelines on improving IT security. These security policies should for example include instructions on encrypting data transfer and using a VPN instead of a private network as well as rules of conduct for the event of a hacking attack.

It might be helpful to add visualisations of the risks to the guidelines. Perhaps like privacy icons that visually display aspects of data processing linked to users’ online activity, IT security icons, in principle, could help increasing the awareness and understanding of IT security risks connected to the rise in remote work.

As the coronavirus crisis is affecting the entire world and the time span of its impact is uncertain, both employers and employees need to focus on ensuring an appropriate level of IT security for home office environments. In this way, the uninvited changes in the working culture could also contribute to an overall improvement in the organisation and to a better understanding of IT security issues.