The new year begins like the old one left off: in the home office. Because the Corona crisis has forced many to rethink and the home office has often become an integral part of companies. Even after the Corona crisis, companies want their employees to continue working in their home office, as studies show. In today's post, we will show you what developments have occurred in this regard over the past year, what risks exist and how you can efficiently increase IT security in your home office.
Home office: At home in the company
In 2020, 32% of the working population worked from the home office: This is the result of a survey by the D21 initiative, which was carried out in the early summer of 2020 by the consulting company Kantar. 1,154 apprentices and employed people were surveyed. This means that the number of people who work in the home office has doubled compared to 2019. Many would like it to stay that way:
36% of those surveyed would like to spend at least half of their working hours in the home office in the future. For 51% of those surveyed who had home office experience, it would be conceivable to further expand homework. According to this survey, however, executives seem to see it differently: Among them, only 25% would like employees to work from home even after the Corona crisis.
Home office tax: A suggestion for the bin
Not everyone reacts enthusiastically to the idea of offering more home office hours: Luke Templeman, a Deutsche Bank economist, thinks that people who work from home bring less money into circulation. This makes them a burden on society - home office workers would no longer pay for the infrastructure but would use it when needed. According to Templeman, it only seems right for a corresponding home office tax to compensate.
Since one does not live on emails in the home office but has to eat and drink for the workforce in the corporate office, and electricity and water costs rise, Templeman's proposal can be thrown away. Almost grudgingly, one should also consider who makes this proposal: An economist from one of those financial institutions that had to be rescued in almost every crisis in recent years.
Fortunately, the Bundestag has thought in a different direction and paved the way for tax breaks. In 2020 and 2021, employees can deduct up to five euros per home office day. This is intended to compensate for the additional burden of working at home - and is thus much more realistic than Templeman's proposal. However, there is also a restriction on tax relief for home office employees: It is only valid for 120 days, i.e. up to 600 euros. Anyone who works in the home office for more than 120 days is simply unlucky: More is not paid. But at least.
Network security and surveillance
Juniper Networks uses an international market research project to examine the perspectives, attitudes, and concerns of senior IT network and security specialists from various industries. 1,000 experts were interviewed on behalf of Juniper Networks by the research institute Vanson Bourne. This shows that network security is undoubtedly an omnipresent and growing challenge - especially in the current situation with many remote employees. In fact, an incredible 97% of those surveyed said that they see it as a particular challenge to effectively secure the company network. 86% also stated that both the reliability and the performance of the network should be optimized. So there is a lot of catching up to do!
That also exists in some Microsoft products: The Austrian network activist and researcher Wolfie Christl showed on Twitter how the “Productivity Score” function in Microsoft's Office 365 monitors what employees do in the home office. This score sometimes shows how often individual employees send emails, how often chats are used via teams and other information. This results in incomparability that can cause confusion: colleague A sends more emails than colleague B - is he more productive or more talkative? Colleague C mentions other colleagues much less often in chats - isn't he a team player? All of this information can be found in employee appraisals or salary negotiations. Certain access rights are required within the company to view the data.
Activist Christl fears that companies are too attached to a Productivity Score - without really knowing how relevant such numbers really are for assessing work. "I doubt that these productivity metrics say much, but I'm afraid that many companies will still try to achieve the arbitrary target values that Microsoft sets," Christl told the BR. Such employee monitoring is hardly compatible with German law anyway. Bertold BrĂ¼cher, as a legal expert of the DGB, told Heise that the legally compliant use of such monitoring tools was not possible.
Risks to network and IT security
As you can see, there are many considerations as to whether employees should work from home or work from the company's own desk. Many employees undoubtedly support the home office, but new points of attack in the network and data security are causing headaches for management. Let's take a look at some numbers:
According to an ESET study, hacker attacks on remote desktop connections (RDP) have increased significantly. In June 2020, 3.4 million attacks on corporate networks were carried out within 24 hours. In addition to tapping data, ESET believes that these attacks also make sense of distributing ransomware. The security expert ESET was able to detect an increasing number of cyberattacks during remote work, especially during lockdown times.
Over 50% of all remote employees use insecure private devices to access company systems. This is the result of the “Remote Work” investigation, which was commissioned by CyberArk. Unfortunately, this study also shows the double burden of working parents who have to look after their children: Everyday life has to go quickly so that there is often no time for security. Unfortunately, this is shown in further study results: 96% use identical passwords across devices and applications, 26% use the browser's own and rather insecure password storage for company devices and 20% allow other household members to use the company devices for other activities, such as schoolwork or online Shopping.
In 2020, companies often had to find that their in-house IT infrastructure could not withstand the sudden remote onslaught. There was a lack of security measures. But you also had to react quickly - the solutions had to be implemented quickly. Unfortunately, this was often at the expense of security. Now, after a few months of getting used to it, it is urgently time to increase IT security in the home office!
Optimize IT security in the home office
In the following, you will learn how you can increase IT security in your home office with relatively simple means. You mustn't see IT security as an annoying cost center. Understand IT security in the home office, but also fundamentally in your organization, as an investment in security and sustainability.
Secure access
Create secure access by stipulating a VPN for access to the company network. Ideally, you collect regulations of this kind in a security policy that is available to all employees in the home office as well as in the company. On the one hand, it serves as a binding guideline in matters of safety, but on the other hand, it gives employees support when they become unsure of how to handle them.
In addition to the connection exclusively via VPN, a multifactor authentication is an option. Instead of the usual login with a username and password, there is at least one additional security factor, such as entering a PIN that comes from a smartphone.
You can also use your security policy to define requirements for passwords: they should be complex and therefore secure. Ideally, you should prohibit the use of a password for several services. Otherwise, compromised accounts can be used to open additional accounts.
Employee weaknesses: create awareness
The greatest weak point in companies is and will remain the human being - and they are also largely responsible for IT security in the home office. Because employees must be prepared for dangers such as spear phishing, social engineering, phishing, malware, and ransomware attacks to be able to react accordingly. Furthermore, secure communication channels must be created and used, and mobile devices must be protected. All of this can only succeed if the “human weakness” is prepared for these dangers and possible countermeasures through awareness training.
IT security in the home office: further tips
It is also important to track down and isolate all insecure and obsolete end devices. They have not lost anything in the company network and should no longer be used. You can note in your security policy that security patches will be imported immediately. Ideally, you should opt for the automatic installation of updates so that no security-relevant patch can be missed.
Encrypt the communication channels. Do not use insecure messenger and video conference services, use paths that are encrypted. Also, pay attention to the security of the means of communication no. 1: E-mail. E-mail certificates are the method of choice here.
Protect your home office with total security software
It pays to proceed systematically. After you have identified, assessed, and prioritized the risks for your organization, the security policy can be derived from this. Solutions that have already been tried and tested can be implemented promptly to reduce damage quickly. Medium- and long-term considerations must also be made, however, so that IT security in the home office and in the entire company is also guaranteed in the future.
Comments
Post a Comment