Home to roost: Remote working and cybersecurity

Staying at home has revolutionised the workplace. While the move towards remote working has been a long-term trend, the pandemic supercharged it. The first lockdowns saw millions of businesses worldwide switch almost overnight to homeworking. Subsequent restrictions reinforced the practice and ensured it became a core part of the new normal even after opening up. 

Homeworking is here to stay 

According to the International Labour Organization (ILO), there were 260 million home-based workers in the world in 2019 prior to the COVID-19 pandemic – amounting to just 7.9% of total employment. Fast-forward only three years, and the ILO estimates that almost 560 million people globally were working from home in 2020, during the height of the pandemic. 

In the UK, according to the Office for National Statistics (ONS), the proportion of working adults who did any work from home in 2020 jumped ten percentage points from 2019, from 27 per cent on average to 37 per cent. In information and communication, and professional, scientific and technical industries, figures were much higher (81 per cent and 71 per cent).

That rapid shift online has brought long-lasting change. The ONS figures showed that 85 per cent of homeworkers wanted to use a hybrid approach of both home and office working in the future, and it’s a similar story elsewhere. This is not just a UK trend either. A recent survey of working adults based in the US by the Pew Research Center found that by early this year, almost six in ten (59 per cent) whose jobs could be done from home were working there – most of them (83 per cent) even before the breakout of the Omicron variant. 

The same survey found that of those working from home, it was a choice in most cases. More than half of respondents (61%) said they are working from home instead of the office by choice rather than necessity. 

In July 2022, Bloomberg even reported that the Netherlands is planning to make working from home a legal right to ensure employers are considering the needs and wishes of today’s workforce. Likewise, a recent survey by IDC revealed that 56% of employees based in the Asia Pacific region want flexible work with options to work both in the office and remotely to remain, even beyond the pandemic. 

The security gap

The rollout of companies’ remote working strategies was among the outstanding achievements during the pandemic, but it was not without problems. In particular, industries were ill-prepared for the security implications. Many mid-market businesses’ cybersecurity strategies were built almost entirely around the corporate network and office locations. Meanwhile, equipment shortages meant staff often used personal laptops or technology without sufficient security such as standard desktop builds and accessing corporate networks via Virtual Private Networks (VPNs), in addition to strong password controls. 

Moreover, the confusion, disruption and change the pandemic brought created new opportunities for attackers. Increased and exceptional public communications from various health organisations, governments and other bodies through SMS and email saw scammers look to capitalise on the disarray. 

Ransomware, particularly, remains a key risk, with an organisation suffering an attack every 11 seconds in 2021, according to UK analysis from TIIN. And that’s forecast to fall to every two seconds by 2031. Cybersecurity risk overall, meanwhile, remains the biggest threat to organisations’ growth through to 2024. 

That is despite the fact that most businesses have by now had time to make significant changes to their security to adapt to homeworking. Virtual private networks have been set up; network and firewall configurations reviewed and revised; laptops refreshed with the latest anti-malware and security tooling; open ports closed to prevent workers from using removable media; and policies and procedures for homeworking reviewed and updated. Added to this, the confusion and disruption during the early stages of the pandemic have dissipated. 

An evolving threat landscape

There are several reasons why companies are failing to manage the security risks. One is simply scale. As home and hybrid working has become normalised, the number of workers connecting remotely has massively increased. Businesses have now had time to adapt, but the IT risk landscape remains significantly more complex than when staff were almost all office-based. That complexity will only grow in many industries with the increasing breadth of connected devices and the Internet of things. 

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top