Why Working from Home Opened a Cybersecurity Pandora’s Box
Working from home means different things to different people. Almost by all, it’s considered a privilege made possible by technology. For some, it’s considered to be a bit of a challenge (at times) if you also have family members working from home or children (in my case, a five-month-old puppy). And for everyone, it’s considered a Pandora’s box for cybersecurity.
Pandora’s box is an artifact in Greek mythology, but in today’s vernacular, the idiom means “any source of great and unexpected troubles.” On its surface, working from home appears like a win-win. No commute, flex work hours, and more quality time with family. If you dig a little deeper, however, working from home is causing security gaps and loopholes, in large part because of this overlap between our work and personal lives. The unexpected security risks abound.
The human workforce will always come with a certain risk level, with hackers lobbing targeted phishing tactics in email and text since the dawn of the Internet. But now a distributed workforce means malicious actors have more opportunities with multiple access points and password vulnerabilities—especially if we are using personal devices and sharing them while working from home.
In a recent SailPoint survey, we found 1 in 3 U.S. employees use their personal computer and smartphone to enable remote work, while only 17% use their employer’s computer and smartphone. In EMEA and ANZ, half of the employees reported remote work was spent on employer-supplied technology.
Across the board in every region, people share the same devices they use for work with their loved ones, including passwords, and using the same computer or smartphone for personal needs like checking personal email while working. One in 4 respondents internationally shared work passwords with a 3rd party, including partners, roommates, or friends. In this WFH environment, “you have more weak points for data exposure that could be caused by accidents,” said Heidi Shey, a principal analyst of security and risk at Forrester.
Hackers are keenly aware of this new work landscape and are going in for the kill. We found nearly half of U.S. respondents said they had experienced targeted phishing emails, calls, or texts in a personal or professional capacity during the first six months of remote work. Similarly, over half of EMEA and ANZ respondents experienced a phishing attack since the pandemic began, with 1 out of 10 people reporting they were targeted by one or more a week.