People working remotely to help prevent the spread of coronavirus are at greater risk of being hacked because they are likely to be using less secure computer settings, an expert has warned.
As more businesses encourage staff to work from home amid the Covid-19 outbreak, a computer science lecturer at Loughborough University has urged workers to check their security settings.
Dr Asma Adnane said remotely accessing sensitive business data causes additional cybersecurity risks, and she encouraged anyone planning on working from home to speak to their IT department first.
She advises the use of secure connections such as a Virtual Private Network (VPN), which effectively encrypts data travelling between a user’s computer and the work network.
“Working from home might be convenient and safer for you, but this might not be safer for the services and the data you are accessing remotely, especially if you are handling sensitive or personal data,” she said.
“There are many cybersecurity implications while working from home, you are basically connected to internet via an open and maybe non-secured networks – home wifi or any public wifi – so all services and files you are accessing become at high risk of attack.
“Cybersecurity threats are generally higher as you are not connected via the secured workplace networks, which have adequate security measures that you do not see such as web filtering, firewall and encryption of data.
“Indeed, if you access sensitive data through unsafe networks, your connections could be intercepted, and the data compromised.”
Dr Adnane said anyone working remotely needs to be aware of their surroundings outside of the office, and not leave devices unlocked when in public spaces such as trains or coffee shops.
The computer science lecturer and cybersecurity expert also urges people to take care when reading work emails on their smartphones or other devices.
She said: “The security risk is even higher as well if you are not using the corporate machine to connect remotely. In fact, corporate machines are usually up to date with the required security level: patched and updated software and operating system, encrypted hard drive, automatic screen lock and so on.
“Imagine people accessing their work email from their phone, it will be harder to spot phishing emails as they can’t have a good view of the email and the link or attachment in it.
“Another example is if they are accessing services or files from a malware-infected machine, malware could easily access sensitive data and even spread in the corporate network.”
Dr Adnane said those working remotely should liaise with their IT department and take any training offered by their employer around cybersecurity.
She urged workers to use a VPN whenever working from home as well as multi-factor authentication to log in to work-related services, adding to the security of their existing password.
People should also regularly check for software and security updates on their devices to ensure they are always fully protected, she added.
“Finally, employees are usually the weakest link in cybersecurity, so make sure you do the required training to keep you aware and on track of the cyber-security measures and guidelines in place,” she said.