Government, businesses and other organisations in the Middle East are increasingly encouraging home working in a bid to slow the spread of COVID-19/coronavirus. While the measure is undoubtedly effective in flattening the curve of coronavirus increase, there are cyber risks to consider in relation to this change. Kaspersky experts have shared their concerns and pieces of advice on the process of transferring the companies to the remote workplace.
Transferring employees to work outside the office is a process that usually treated with thorough preparation, as once corporate devices are taken outside of a company's network infrastructure and are connected to new networks and wi-fi, the risks to corporate information increase. During the emergency switch of large people from work at an office to home-based activities, such preparations maybe should be in the center of attention of attention.
"Many companies have already adopted a practice of regularly allowing their employees to work at home. The results have been quite positive and home-based employee does not portray any risks if the approach to their cybersecurity is comprehensive. «There are two major risks to corporate networks related to the home office: employees' usage of unprotected devices when connecting to the corporate network, and connection via insecure Wi-Fi and 4G/5G networks, especially for those who work from personal devices. - says Maher Yamout, a security researcher at Kaspersky.
The experts noted that the best practice would be to use a corporate device, instead of a personal one. They add that the biggest mistake companies could make is to consider an employee device insignificant and ignore the fact that it might be the entry point of a cyberattack. “A year ago, we have assessed the cases of cyber incidents and found that a third of them started from employees devices. In 34% of cases, it was either a download of a malicious file from an e-mail or a malicious website. So the more potentially contaminated or unprotected machines are connected to the company's infrastructure, the larger are risks of infection. A vast majority of threats we see are not targeted, but come from mass-campaigns that rely on human errors or holes in un-updated software, which means that they are not unpredictable and can surely be prevented”.
The researcher recommends employers to follow to take basic precautions to minimize security risks: