The COVID-19 pandemic has required many companies to move their employees to a work from home environment.
For most of these companies, this required them to change network configurations to allow remote access, setting up user permissions, and accommodating remote logins to sensitive company software systems.
Trying to change a company’s processes from an office-based workforce to a remote workforce virtually overnight can lead to security problems, as discussed by Mark Polino in his recent blog post, Coronavirus - From Chaos to Controls. He points out: “Processes that relied on physical documents and signatures may break down, and permissions may not be fully considered through this process… In times like these, it will be even more common to see that, after emergency access has been granted to just ‘get work done’, it will never be revoked…” but that security should not be set aside because of a crisis situation.
Internal Fraud: The “other” security risk
Any organization faced with moving their workforce off premises is aware and prepared to address external security threats. Unfortunately, there is another risk that most of us do not consider: internal fraud. In a work-at-home environment, this becomes a serious threat.
For many employees, working from home is new and uncomfortable. They have been thrust into working on the dining room table or in the corner of a bedroom, possibly with an unfamiliar computer, using work processes that are foreign to them, and with distractions coming from all around. They miss the personal interactions with coworkers and familiar work surroundings, which can lead to feeling disconnected. The lack of structure can lead them to feel less accountable, since there is no longer any direct supervision of their work.
Add to those stressors tension or anxiety in the household due to circumstances like lost income, schools being closed, concerns about being laid off, and general fear for health and safety.
Those feelings, coupled with not being in a centralized office, can make it easier for employees to succumb and commit fraud. And without people around them, it’s easier for them to hide those activities.
In addition to taking steps to ensure they are protected from outside threats, companies also need to perform a complete review of internal control processes and establish stringent security measures to ensure they are protected against internal fraud.
Business managers should also take the time check on their employees who are not accustomed to working from home ensuring they have what they need and help them overcome any anxiety they may have under the new “normal”.
We dive deeper into this topic in our on-demand session, "Maintaining Strong Security in the New Work From Home World", part of our GRC Days series of educational webinars.