Toggle menu
Corporate 18 March 2020

Security and Working From Home

The many complexities around remote working have long been used as an excuse for limiting its roll-out. But with recent announcements that everyone should try to self-isolate, businesses are now being forced to change their stance.

The good news is that the technical barriers to home working have been steadily lowering. In fact, most of the remaining challenges relate to your employees and how they respond to cyberattacks and social engineering.

As companies finalise their emergency remote working provisions, Fidus recommend you must address the following:

IT-based threats

Increasing the number of external devices connected to the corporate network also increases the attack surface available to cybercriminals. Without the rigid protection of the company network, malicious actors are likely to target your users direct.

Phishing and email scams present a huge danger, especially if employees are using their own devices for remote access. It is highly likely that their on-device provisions will be less stringent than those on their workstation in the office.

Before sending employees to work from home they will need some basic training in how to spot fraudulent emails, and how to deal with them.

Social engineering threats

As well as phishing, hackers may resort to more manual techniques too. This may be as simple as someone calling via Skype pretending to be from your helpdesk and asking for their login credentials. More sophisticated scams involve “couriers” delivering a new laptop or other hardware to the employee’s home office by masquerading as if sent by your IT team. The device is already compromised in some way, allowing hackers to piggy-back off the VPN connection once re-setup to gain access to the company network.

Again, awareness is key to defeating social engineering threats. You should establish a protocol for communicating between the IT support team and remote users. Again, provide home workers with basic training so they know what to expect – and what to watch out for.

Shadow IT threats

Shadow IT is already a major issue for the business, but when operating outside the direct control of the IT security team it may worsen. Users will inevitably take the path of least resistance, defaulting to apps and services they are comfortable with.

Expect to see an uptick in the use of personal email addresses and cloud file sharing platforms. Similarly, VoiP, video conferencing and instant messaging tools may become a problem.

Before allowing any staff member to begin working from home you will need to show them which tools they have at their disposal, and what they are used for. You should stress the importance of only using these tools. If they find a task that cannot be completed using the software available, they must contact the IT team before trying any workarounds.


Alongside the general panic caused by the COVID-19 virus, businesses have the additional headache of trying to deploy remote working as quickly and safely as possible.

In the first few days after go-live there will undoubtedly be a greater risk to company IT security as everyone gets to grips with the new working model. You should expect to see a corresponding uptick in calls and emails to the company helpdesk.

However, when done right, you are actually laying the foundation for a remote-enabled future and the many benefits it brings. To learn more about countering these challenges quickly please give us a call or reach us here.