Is home the new cybersecurity hub?

The unprecedented global coronavirus pandemic has brought about a shift in the conventional working
environment. Many building offices have been closed down because of the coronavirus restrictions. After
the closure of the formal working place, organizations were faced with the challenge to ensure continued
revenue generation without having employees coming together in one place. It did not take long that
many organizations began to adopt the concept of working from home. This approach enabled
organizations to continue business operations with many of their employees working from their homes.
While research indicates that remote working has enhanced organizational efficiency, it also goes without
saying that the setup has introduced new avenues for malicious cyber actors. Many organizations
hurriedly decided to allow remote working after the consideration of the business aspects only,
overlooking the cybersecurity challenges that are associated with remote working. As a result, remote
working has exposed many organizations to vast cyber risk which could have been avoided if adequate
considerations and analyses were performed before the adoption of the principle.
Unlike the office networks that are well protected by security systems, the home networks that employees
will be using to access the organization's resources are not as secure. If an attacker can intrude into the
employees’ home network it brings him a step closer to the company’s network. Therefore in such a
scenario, the cyber defense of the company is only as strong as the employees’ home network. The
advances in technology have led to a widespread of smart homes. Smart homes utilize insecure Internet of
Things (IoT) devices which will be connected to the very same network an employee will be using to
connect to the company’s server back at the office. An attacker can exploit vulnerabilities within IoT
devices such as default user credentials and unpatched operating systems to gain unauthorized access to
the home network and subsequently the office network. The attacker could also leverage the processing
power of the IoT devices and form bot networks that will be used to perpetrate more sophisticated
cyberattacks on network office resources. With more employees working from home, it is becoming
practically impossible for organizations to provide company mobile devices that employees can use to
connect to the company’s network. Such a situation results in scenarios where employees opt to use their
devices. Personally owned devices lack security software that would be for example found on a company-
owned laptop. Such BYOD policies expose organizational information. For instance, an attacker can
socially engineer any user who has access to the home laptop that an employee is using to access
company data. Once the attacker has gained access to the laptop he or she will be a step closer to the
company’s systems.
The remote working set up has brought notable benefits to businesses during the lockdown restrictions.
However, the system also has a downside in terms of cybersecurity. The use of secure connections such
as VPN connections should be implemented for all users connecting to the company’s network from
home. The remote connections from home to the office should also be coupled with multifactor
authentication to prevent unauthorized access.