
Work from home, remote work, hybrid work, checking your email at home, finishing that last bit of work that you could not get to before you had to leave the office to pick up the kids: call it what you want, but in all of these scenarios, a lot of us are logging into our work environments from our home internet connection. A lot of employers provide a virtual private network (VPN) connection back to the corporate network, but not all actions require a VPN. For example, we may check our work email or access cloud-based corporate applications without a VPN. The fact of the matter is that our home networks are orders of magnitude less secure than enterprise networks, a fact that has not gone unnoticed by malicious actors. Undefended or weakly defended home networks are essentially a target-rich environment. Threat actors may want to access our personal data and our personal devices in order to gain access to our employer’s network and data. Our personal identity, our devices, our personal data security, and that of our families can be at risk as a result of who we work for.
In this post, we will outline the various ways in which our data and our privacy could be at risk from both threat actors and the corporations that we work for. We will also look at what we can do to better protect ourselves, and at how Intelligent Digital Safety tools can help us gain visibility into, and control over, our data, security and privacy. Some of these kinds of online security tools may even be offered to us by our broadband service providers.
Employer Monitoring
Many employers like to monitor work-from-home or remote work employees closely to understand if they are indeed being as productive as they can possibly be. Here are some ways in which companies may closely monitor their employees.
- Time Tracking and Productivity Monitoring:
Employers often utilize time tracking and productivity monitoring tools to ensure that remote employees are effectively utilizing their work hours. These tools help measure employee productivity, track time spent on tasks, and identify potential bottlenecks. Examples of such tools include Toggl and Time Doctor.
- Screen Monitoring and Activity Logging:
Screen monitoring and activity logging software allows employers to track remote employees’ computer activities in real time. It enables them to view employees’ screens, monitor websites visited, and track application usage. Teramind and ActivTrak are two prominent examples of such monitoring solutions. Keep in mind that we very often access our own personal data, and sometimes our financial data, while using our corporate devices. With tools such as the above, our sensitive data and our behaviors are clearly visible to those employees whose job it is to monitor us.
- Employee Surveillance:
Some employers use surveillance technologies to monitor remote employees’ physical activities. This includes the use of webcams, video conferencing systems, or even GPS tracking for field workers. Although controversial, this practice is legally permissible in some jurisdictions. One example of surveillance technology is Veriato, which provides monitoring solutions that capture screenshots and record video feeds.
- Communication Monitoring:
To ensure efficient communication and collaboration among remote teams, employers may monitor their employees’ digital communications. Tools like Slack and Microsoft Teams provide features that allow employers to monitor chat messages, file sharing, and participation in team discussions.
- Email Monitoring:
Email monitoring is another common practice to ensure compliance, security, and productivity. Employers may monitor employee emails for content analysis, detecting potential policy violations, or assessing productivity levels. Examples of email monitoring tools include Barracuda Essentials and Mimecast.
As remote work becomes increasingly prevalent, employers are adopting various monitoring practices to maintain productivity, ensure compliance, and protect sensitive information. While these monitoring techniques have their benefits, it is essential to strike a balance between monitoring and respecting employees’ privacy rights. Open communication, clear policies, and transparency can help address concerns and establish trust between employers and remote employees.
It’s worth noting that the legality and ethical aspects of employee monitoring can vary across countries and jurisdictions. Employers and employees must familiarize themselves with relevant laws and regulations to ensure compliance while implementing monitoring practices as well as to understand their own individual rights and responsibilities.
As the landscape of remote work continues to evolve, so will the methods of employee monitoring. Employers must find a delicate balance that protects their interests while respecting the privacy and well-being of their remote workforce. It is also important for employees to realize the risks that this kind of monitoring poses to their data and their privacy, and to learn to delineate corporate activities from personal activities.
Threats to data privacy from malicious actors
As the world increasingly embraces remote work, employees’ home networks have become a critical connection point to their employers’ networks. However, this interconnectivity brings with it the potential for cyber threats. Hackers are now targeting individuals’ home networks as a means to gain unauthorized access to corporate networks, posing a significant risk to organizations and their sensitive data. In this article, we will explore the dangers of home network breaches and their implications for employers.
- Home Network Vulnerabilities:
Home networks often lack the robust security measures found in corporate environments. Weak passwords, outdated firmware, and unpatched devices create vulnerabilities that hackers can exploit. Moreover, the presence of Internet of Things (IoT) devices, such as smart TVs and home automation systems, can introduce additional entry points for cybercriminals. A report by Netgear highlighted common vulnerabilities in home networks.
- Router Exploitation:
Routers, which serve as the gateway between home networks and the internet, can be an attractive target for hackers. By exploiting router vulnerabilities, attackers can gain access to all devices connected to the network, including those used for remote work. In 2018, the FBI issued a warning about Russian hackers targeting routers in homes and small businesses.
- Phishing Attacks:
Phishing remains a popular method for hackers to gain unauthorized access to both personal and corporate networks. By tricking individuals into revealing sensitive information or clicking on malicious links, hackers can compromise home networks and use them as a stepping stone to infiltrate employer networks. An example of this is the rise in COVID-19 themed phishing attacks during the pandemic.
- Credential Theft:
With the prevalence of data breaches, stolen credentials have become a valuable commodity on the dark web. If an employee’s home network is compromised, hackers can potentially obtain login credentials and use them to breach their employer’s network. A notable example is the credential stuffing attack on Twitter in 2020, where hackers used stolen employee credentials to access internal systems.
- Insecure Remote Access:
Remote access tools, such as Virtual Private Networks (VPNs), are essential for employees to connect to their corporate networks. However, misconfigured or insecurely deployed remote access solutions can create avenues for hackers. A recent example is the Pulse Secure VPN vulnerability that allowed attackers to breach networks remotely.
How can we protect our data and our privacy?
As remote work continues to be an integral part of the modern workforce, the risks associated with home network breaches cannot be ignored. Employers and employees must collaborate to mitigate these risks and ensure the security of both personal and corporate networks. Here are some things that we can all do to better protect ourselves and our data:
- To protect home networks, individuals should regularly update their router firmware, use strong and unique passwords, and be vigilant against phishing attempts. Employers should provide clear guidelines on home network security, encourage the use of secure remote access tools and implement multi-factor authentication for network access.
- Regular security awareness training and ongoing monitoring of network activity are crucial for identifying and responding to potential breaches promptly. Employers should also consider investing in endpoint security solutions, network segmentation, and intrusion detection systems to bolster network defenses. If your employer does not provide you with such training or resources, there are still tons of free resources available on the internet to help you learn about various ways to defend your home network.
- As a remote work employee, it is critical to ensure that all personal data and transactions are handled on devices other than the corporate or employer-provided device. This includes phone calls, text messages, use of messaging apps as well as any financial transactions.
- Be aware of your rights and responsibilities in various jurisdictions. It is important to make sure that you are aware of these for both the jurisdiction where you live and the jurisdiction where your employer is headquartered.
- Be aware of what you expose on social media or any other public forums about the scope and nature of your role with your employer. This information is actively scraped from the internet by malicious actors and used to personalize cyberattacks on specific employees.
- If possible, use an Intelligent Digital Safety product that blocks privacy and security threats across all devices in your home. Leading products in this category will also provide clear insight on the extent and scope of internet activity in your home so that you can view and control which sites your home communicates with across every device, app and online service that you use.
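The per-device visibility described in the last item can be approximated at home from a DNS query log. The following is an added example, not part of the original post or of any product it mentions. It assumes a dnsmasq-style query log (dnsmasq with `log-queries` enabled); the sample log lines, the blocklist entries and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# dnsmasq query line: "<timestamp> dnsmasq[pid]: query[TYPE] <domain> from <client-ip>"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<domain>\S+) from (?P<client>\S+)$"
)

# Constructed sample log: private client addresses, example/documentation names only.
SAMPLE_LOG = """\
Jan 10 09:00:01 dnsmasq[812]: query[A] mail.example.com from 192.168.1.20
Jan 10 09:00:01 dnsmasq[812]: forwarded mail.example.com to 192.0.2.53
Jan 10 09:00:02 dnsmasq[812]: reply mail.example.com is 203.0.113.10
Jan 10 09:00:05 dnsmasq[812]: query[AAAA] Telemetry.Tracker.Example from 192.168.1.31
Jan 10 09:00:07 dnsmasq[812]: query[A] login.phish.example. from 192.168.1.20
Jan 10 09:00:09 dnsmasq[812]: query[A] cdn.example.net from 192.168.1.31
Jan 10 09:00:11 dnsmasq[812]: query[A] mail.example.com from 192.168.1.20
"""

# Constructed blocklist; a real one would come from a list you trust.
BLOCKLIST = {"tracker.example", "phish.example"}

def normalize(domain):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return domain.rstrip(".").lower()

def is_blocked(domain, blocklist):
    """True if the domain or any of its parent domains is on the blocklist."""
    labels = normalize(domain).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def summarize(log_text, blocklist):
    """Return {client_ip: {"domains": {domain: count}, "flagged": set_of_domains}}."""
    report = defaultdict(lambda: {"domains": defaultdict(int), "flagged": set()})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:  # forwarded/reply/cached lines are not client queries
            continue
        domain = normalize(m["domain"])
        entry = report[m["client"]]
        entry["domains"][domain] += 1
        if is_blocked(domain, blocklist):
            entry["flagged"].add(domain)
    return report

if __name__ == "__main__":
    for client, entry in sorted(summarize(SAMPLE_LOG, BLOCKLIST).items()):
        print(client, dict(entry["domains"]), "flagged:", sorted(entry["flagged"]))
```

Matching on parent domains matters here: a blocklist entry for a registered domain also covers every subdomain a device might query.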
It is crucial to understand that protecting your data and your privacy, especially if it can be targeted as a way into your employer’s assets, is a shared responsibility. That being said, the onus is more on the individual, since the loss of personal data and personal privacy is significantly more impactful to the individual and there may be no recourse. Awareness is indeed the best tool, but the attacks that are emerging are becoming more and more sophisticated and personalized. Investing in whole-home Intelligent Digital Safety solutions may even be a positive, as some employers may see in you a potential employee who is proactively defending both themselves and their employer’s assets.