Working from home, en-route on a train, or even in a cafe can easily become a gateway for cyber criminals. The responsibility for corporate data and IT security lies equally with the company’s IT department as well as with its employees.

Home office and work en-route pose major risks to data security.  Photo: Shutterstock/WK1003mike

“The presentation is once again too large for email, here’s the link to the PPT in my Dropbox.” Let’s be honest: If this email is sent from the address of a colleague, who would resist the impulse to click on the link? If it turns out to be a disguised attack by a cyber criminal, the damage has already been done.

Especially work done from home, which has been advanced by corona, but also any other occasion for work outside of the company’s secured IT infrastructure, poses great dangers for IT security. Information technology departments are currently working at full speed to safeguard their employees’ laptops even when they’re working at their kitchen- or coffee table at home and connect to the Internet via their home WiFi. Especially at home, the temptation is often great to mix company systems and privately used solutions. “Employees should be careful to use only the approved computer and only the approved access points,” advises Ingo Legler, Manager for Information Security at DEKRA, and warns: “Even if something else works and is much simpler – it’s also much easier for hackers.”

Sensitizing Employees

For employees working from home, compliance with minimum standards of IT security is essential. Even the home office itself can prove problematic. The coffee table, where the rest of the family plays or watches TV, not only lacks the basic ergonomic requirements – but also those for IT security. “At the very least, home office users should categorically get into the habit of locking their computer when they leave it,” advises IT expert Legler. The Windows key plus L or the “three-finger salute” CTRL+ALT+DEL serve this purpose.

Ingo Legler, DEKRA IT expert. Photo: DEKRA/Daniel Hoffknecht

Ingo Legler has a whole range of other security tips that employees should take to heart in their home- or mobile office (see box). But his advice goes even further because threats to IT security don’t just have a technical level. “When it comes to data security, people are the biggest gateway for cyber criminals, and not even technology can reliably seal it off,” says the manager. He addresses the danger of so-called social engineering. It has long been one of the most successful attack techniques used by cyber criminals to circumvent security mechanisms by exploiting human weaknesses and collegial helpfulness. The previously mentioned email text is an example of such an approach. Another: How would you react to the following call? “Hello, this is Smith from the IT department. Due to home office regulations, we’re switching to stronger passwords. I’ll set that up for you. I need your current password, with which I’ll generate a new one to give to you.” Security-conscious users can guess: Revealing your current password turns the worst-case security scenario into reality. While the decoy keeps the employee busy on the phone for a few more minutes, his accomplice can dial into the company network from one desk away.

“People are the greatest gateway – but they can also be the greatest bulwark. If they’re attentive and know what they’re doing,” sums up DEKRA security expert Ingo Legler. This is why, especially in the current situation, it’s crucial that companies not only issue guidelines and technical security measures but also sensitize their employees to the risks and refresh their IT security training. “Beware of new acquaintances who show great interest in your work,” says Ingo Legler, emphasizing important content of such training courses. “The longer ago the training was held, the more the employees’ awareness of IT security rapidly decreases,” Legler knows. “Employers must therefore educate, educate, educate. Awareness is the be-all and end-all.”