During the Covid-19 Pandemic about 88% of all companies implemented mandatory work from home for all employees and many of these will offer WFH as an ongoing option for employees. Many of these organisations prior to the pandemic did not even know what WFH was let alone permitted employees to do it. This means that with the rapid change caused by the Pandemic many companies simply told staff to work from home with no real consideration to whether this was a secure thing to do or whether the employees would actually be able to perform their job by getting access to the necessary applications. Many IT departments were making changes on the fly.
This new WFH culture meant that people were engaged less with in person communications and therefore email usage increased. With this came an increase in Phishing attacks from those who were keen to alleviate you of your savings or company funds. In fact 30% of all Phishing attacks are targeting work from home employees and combined with the statistic that 90% of all employees find it difficult to identify a phishing email it is easy to understand how this is a significant risk to any company whose employees are, forced through legislation or otherwise, working from home.
The solution to this is a three prong approach:-
- Ensure all staff have received comprehensive training on how to identify and handle phishing and other malicious emails. In fact employee cybersecurity training of any form will benefit the company.
- Ensure all staff have suitable secure equipment to work from home with. If they are using their own equipment then get your IT to audit their machines to ensure they are fit for purpose. Consider providing company secured equipment to those “intense users” for work from home use.
- Ensure your company email is secure and that it protects from most kinds of malicious email. This may cost a bit more each month but the long terms benefits outweigh these costs.
At FunctionEight we often win new clients because the old IT provider failed to secure the email properly or advise the client what should or should not be done. Don’t become a victim and ensure you heed the words of advise above.
If you are unsure how to proceed please feel free to contact Henrik on his email henrik.runnstrom@dev.functioneight.com to see how FunctionEight can help you.
For a more comprehensive look at WFH policies please review our previous blog https://dev.functioneight.com/blogs/wtf-wfh-work-home