News

Cyber Risks of Working from Home

Posted: 24 May 2022

Cyber Risks of Working from Home

For many companies who transitioned at speed to remote working, the experience has highlighted the need to strengthen IT security resources.
Overall awareness of cybercrime is increasing and more companies need help to manage the additional risks that working from home has introduced.

It is certainly the case that working from home has introduced more risk. Companies are highly aware that data breaches and cybercrime incidents can be hugely damaging if they are not correctly managed. We’re seeing larger companies carrying out cybersecurity risk assessments, vulnerability audits, testing exercises and so on. But even the biggest organisations can find monitoring remote work from a cybersecurity perspective difficult, particularly where there is a risk of employees using personal mobile phones or laptops, firewalls that haven’t been properly configured, vulnerable WiFi setups or unpatched systems or software versions. A lot of companies are looking to strengthen IT capability at the moment either by recruiting or by bringing in IT contractors to work on specific projects.

‘The Dirty Dozen’

Common security risks of working from home

1. Phishing
2. Weak/shared passwords
3. Unsecured WiFi networks
4. Outdated firewall software
5. Configuration errors
6. Personal devices
7. Unencrypted file sharing
8. Lack of cybersecurity training
9. Device and/or data loss/theft
10. Video conferencing vulnerabilities
11. Supply chain vulnerabilities e.g. security weaknesses of business partners/suppliers
12. Opportunistic crime eg where employees use company devices in public places

Cybercrime threats

At national level, a 2020 Department of Justice cybercrime report identifies the most significant current cybercrime threats as:

• ransomware and other malware threats,
• data breaches and network attacks,
• spear phishing (targeting specific individuals for the purposes of distributing malware or extracting sensitive information, and
• attacks against critical infrastructure.

In terms of risks to business, PwC’s 2020 Irish Economic Crime Survey highlights that when asked whether their organisation has experienced any form of fraud, corruption, cybercrime or other economic crime within the past 24 months, 51% of Irish respondents said, ‘yes’.

“We have identified criminal and state-sponsored campaigns exploiting the COVID-19 crisis. We also expect that cyber criminals will use VPN and video conferencing software lures to take advantage of users’ unfamiliarity with remote working,” PwC says.

Elsewhere, Deloitte recently highlighted that, “cyber criminals attempting to access corporate data, customer information and intellectual property are not the only threat to businesses—employees can also be a weak link in corporate IT security systems.”

Fighting cybercrime

Upgrading hardware and systems and raising employee awareness through regular training and communication are key tools in the fight against cybercrime but require investment and can put pressure on already stretched IT teams. Companies also need to be aware of potential weaknesses in their supply chain. Managing all of this is difficult at the best of times and even more challenging when people are working from home.

From a cybersecurity point of view, some of the most common risks associated with remote working include insecure Wi/Fi and firewalls, phishing and spear phishing.

Impact of new technologies

A related trend contributing to the current demand for IT professionals is that advanced technologies like artificial intelligence, machine learning and robotic process automation—which can enhance operational efficiency when successfully implemented—are also enabling cyber attackers to collaborate and carry out more attacks in a shorter space of time. Previously on this website, we looked at how ransomware attacks and developments in artificial intelligence and machine learning require resources in terms of technology as well as people

“Companies need to build in cybersecurity measures from the outset when designing systems and embed a security culture to protect against cybercrime,” says Eolas Recruitment Technical Manager Peter Kirby.

“That often requires additional resources because IT teams find it hard to balance ongoing maintenance, supporting users and meeting day-to-day business demands with the need to keep up with and defend against emerging cybercrime threats.”
Experience and skills

Asked about the type of experience that employers are looking for when hiring for cybersecurity roles, Peter says that senior roles typically require experienced candidates with deep knowledge of emerging threats who can review security, identify gaps and recommend changes.

“This means having highly advanced knowledge in areas like technical IT domains, operating systems, networks, databases, mobile and cloud.”

In terms of educational qualifications, degrees in information technology, cyber or cloud security or software engineering are an advantage while sought after technical skills include knowledge of web development and application security, Azure, AWS and certifications like CISSP, CISM or SANS, adds Peter.

A strong commitment to personal development is also important, says Eolas Recruitment Principal Consultant Stephen Daly who advises that candidates should keep their skills up to date and make sure that their CV includes any post-qualification certifications they have acquired.

“Good interpersonal and communication skills is also important as most senior roles involve managing relationships with senior management and business partners as well as with the company’s internal teams. Leadership and presentation skills, for example, are among the most highly sought-after non-technical skills,” adds Stephen.

Global demand for cybersecurity professionals

Ireland is not unusual in experiencing strong demand for cybersecurity workers. CSO Online recently reported that 40% of IT leaders say cybersecurity jobs are the most difficult to fill, making cybersecurity “a lucrative job field” for IT workers with relevant skills. We are always happy to chat and our website eolas.ie is always the best place to start your search, its constantly updated with super opportunities.

Previous Page Search IT JobsContact Us

Upload your CV

  • Send us your CV and we'll be in touch with jobs relevant to you.

  • Accepted file types: pdf, doc, docx, Max. file size: 10 MB.
    Friendly advice to all candidates - ‘Keep it Simple’. We use an automatic scanner to capture your CV, and key details. We then transfer this info to our database. Automated scanners are not compatible with CV’s drafted on powerpoint or with images, or excessive in design. Please use where possible standard word documents for CV formatting and submission where possible. This will maximise your details being retrieved in searches for job roles that fit with your skills and experience. Thank you.
  • In order to submit this form you'll need to agree with our Privacy Policy