Increased remote working brings new challenges to IT security

In most of the interviewed companies, a large part of the workforce was working partially or full time from home during the pandemic. There is a consensus that the change to remote work has worked surprisingly well. However, this shift has impacted on IT security, and also generated a wider discussion about the future of office based and home based work.

“The change to remote work has worked very well, if anything we have almost seen an increase in effectiveness.”

Increased Demands

Many positive effects are generated by working from home, such as work-life balance, reduced commuting, less need for expensive office space etc. However, there are also negative effects, like compliance and IT security risks. These increased risks place new demands on companies.

“There are more challenges and more demands in a world where we work remotely, which leads to a need to have more control measures in place.”

Increase in compliance risk

Compliance risks increase outside of the corporate culture, with distance and less social control. It is easier to commit online crimes in the home environment than in the office environment. Addictions, such as alcoholism or gambling, can also get worse when working from home. “The internal controls are clearer when sitting together in the office.”

“When people break habits and experience increased pressure and stress, that can also increase negative behavior.”

“We have seen an increased risk for corruption and ethical violations, and we have also seen a considerable increase in theft reports.”

IT security risks

There is a risk that employees are less careful and security conscious in the home environment. It is also a less controlled IT environment, which means that it is easier to circumvent firewalls and other protection. Some companies have seen an increase in external cyber-attacks.

Risk related to CSAM

Most of the decision-makers that we interviewed said that there could be an increased risk that work IT equipment is used to download or consume child sexual abuse material (CSAM) when more employees work from home.

There are also a number of factors which may work to decrease risk, or leave it unchanged. The social world at home, with other family members, and limited private space, could decrease the risk. Less business travel, might also decrease the risk. Working from home also means that individuals may have access to private devices, which might decrease how much company IT equipment is used to view or download CSAM. Others say that risks have remained stable. That either a person has this interest or not.

Actual incidents

Although the results of the law enforcement survey (part one of the report), shows that CSA related crimes have increased, it is too early to say with definite certainty if business’ IT equipment has been more frequently used to perpetuate this crime. A few of the interviewed companies have seen an increase in incidents in their IT environment and/or on their equipment, but the majority of respondents have not.

“Working from home means an increased risk. We’ve had more incidents than we otherwise have, which is what we expected.”

“We have had some incidents, but not more than we usually have. Theoretically it should go up, we know that employees do this during their working hours and at home they have more possibilities than in the workplace.”

“We have not seen an increase in incidents. Perhaps it is more difficult to find the time and space to watch such material at home.”

Future of remote work

All of the interviewed companies say that they think there will be a bigger tolerance towards working from home when the pandemic ends. Only one of the interviewed individuals anticipated that they will probably go back to operating the same as before the pandemic. All other companies say that they will continue to work from home, and probably to a fairly high degree.

“I don’t think we will go back to how it was. We had to develop a new infrastructure that we now have in place, and it works well. I think we will end up in a new world where a majority of our employees work sometimes from home, sometimes in office.”

“I think it will become norm to work from home much more than before. I think employees will demand the possibility, and there are many positive aspects for both employee and employer.”