8 Cyber Risks from Working from Home

A lot has changed about the way businesses work over the last few years, including a rise in the cyber risks from working from home for RIAs and other financial professionals.

Most computer systems at big offices are well protected from everyday intrusions. Computers at home are not. This wasn’t as much of an issue until large numbers of business professionals began working from home during the pandemic. By the end of 2020, 71% of those who could do their jobs remotely were working from home due to Covid.

Since then, sensitive business and financial data has become more vulnerable to attack and theft, and many hackers have seized on the opportunity. The results are striking. Since March 2020, businesses have:

• Experienced a 400% increase in the number of cyber attacks.
• Faced a 60-times increase in the number of email phishing scams.
• Watched ransomware demands soar to an average of $250,000.

Many offices have since opened back up, but many RIAs continue to work partially or fully from home. By 2028, as many as 73% of all workplace departments are projected to have work-from-home employees. That means that the cyber risks from working from home are here to stay, and RIAs and other financial professionals need to take steps to protect against these exposures.

Here are eight of the top cyber risks from working from home today and what you can do to minimize your risk of a claim.

1. Office Access

Home offices tend to be much more physically open to the home compared to the workplace. A home office lacks the doorman, receptionist, video surveillance, keycard access and other security features common at an office.

Cyber risks increase if your home office space is shared with family members for their personal use, to work on school projects, chat with friends or surf the web. Risks can extend to access to your office by visiting friends, contractors, home repair workers and more.

To protect yourself and your clients, get in the habit of locking your computer when you step away and never leave confidential information lying around. Locate your office in a private area of your home and set boundaries with family members to protect your workspace.

2. Public Wi-Fi

Working from home doesn’t always mean working from a house or an apartment. It can mean working from a public location. However, working from a cafe, library, hotel lobby or airport lounge is risky.

Using unsecured Wi-Fi networks makes it easy to spy on data moving to and from your computer over the network when it’s not properly secured. Norton warns that the security on these networks is often lax or nonexistent and that there’s no sure way to know whether the connection is secure.

To protect your business communications, it is best to avoid using public Wi-Fi if at all possible and to use a secure VPN to encrypt your data when it’s not.

3. Smart Home Devices

Smart home speakers and other devices like Amazon Echo, Google Nest and Apple HomePod make life around the house more convenient. However, these devices are also at risk of being hacked.

Many smart home devices contain a microphone that a hacker may be able to switch on without your knowledge. It’s possible for a hacker to use such a device to listen in on sensitive work conversations you have with colleagues and clients.

To protect confidential conversations from being overheard, it’s best to avoid talking about work near your smart home devices and locate them in a space away from your office.

4. Email Requests

Many cyber criminals play on the familiarity and trust that exists between work colleagues, even when they’re not in the same room. Fraudulent email requests represent one of the biggest cyber risk you can face while working from home.

At home, remember that your colleagues aren’t sitting nearby. Without checking, it’s impossible to know if a request for confidential data or transfer of funds is authentic and approved, or if their email account could have been hacked or otherwise compromised.

To protect yourself and your clients, follow a set procedure to verify any unusual or unanticipated requests from colleagues, vendors and clients, and always verify every request for a transfer of funds according to current best practices.

5. Technical Issues

Technical issues are bound to occur from time to time, especially when you are working from home.

These situations can be frustrating, but going outside the proper established process for solving them can introduce security vulnerabilities that expose your data.

To protect your computer systems, avoid trying to solve technical problems that arise while you’re working from home by yourself. Have a procedure in place for contacting your help desk to resolve the problem for you.

6. Password Managers

A password manager is a useful tool for better password security, especially when you have to juggle dozens of passwords for work. However, using the wrong kind of password manager when working from home can introduce new security vulnerabilities.

A good password manager should make it easy for you to login without allowing unauthorized users of your computer to access what they shouldn’t.

To protect your passwords, avoid using the free automatic password manager in your browser that offers to save your passwords when you log into an account. Instead, it’s better to use a reputable password manager that has been vetted by your IT administrator and compliance team that uses secure AES 256-bit encryption and has MFA security features.

7. Home Printing

Printing for work at home can be inconvenient if your work computer isn’t compatible with your home printer, or you don’t have the right admin permissions to add print drivers or connect to an outside device.

There are ways around these problems, such as emailing yourself the document you want to print, either directly to a smart printer or to a personal email account. But doing so is very dangerous from a cybersecurity standpoint. If your network or personal email account are compromised, your company data could be exposed.

To protect work documents you need to print at home, it’s better to skip the shortcuts. Set up secure access for all your printing needs and contact your IT expert if you are having trouble with your connection.

8. Communication Tools

Online communication tools are a must when you’re working remotely, but not all tools are appropriate for sensitive work discussions.

Social apps like WhatsApp and Facebook Messenger are suitable for personal conversations, but they can introduce security vulnerabilities if your password is compromised or your laptop or mobile device is lost.

To protect confidential conversations, avoid using insecure social apps for work purposes. Instead, find communication tools that are appropriate for the kinds of messages you need to exchange with colleagues, vendors and clients, making sure they are approved for use by your organization.

How to Protect Against Work from Home Cyber Risks

The cyber security risks of working from home won’t disappear anytime soon. New targets and vulnerabilities will keep hackers and security experts busy for years. In the meantime, it’s especially important for RIAs to follow the best practices for managing cyber risks.

Unlike other work from home professionals, RIAs and other financial professionals have a fiduciary duty to their clients under ERISA. In the event of a cyber attack, you may be held liable for damages in the event of a breach, hack or unauthorized distribution.

Financial exposures can often exceed $250 per record, but with Lockton Affinity Advisor’s Cyber Liability Insurance, you no longer carry all the risk of these costs. Cyber Liability Insurance is available to add to your Lockton Affinity Advisor E&O policy for better protection and peace of mind.

While other industry groups and associations offer Errors and Omissions Liability Insurance policies with shared aggregate limits, Lockton Affinity Advisor offers coverage with individual limits, so that you will always have access to your full policy limits.

Plus, Lockton Affinity Advisor coverage meets ERISA standards, including services as an ERISA 3(21) and 3(38) advisor.