Due to the prolonged Covid-19 pandemic, industries in Malaysia made the shift to working remotely in order to cope with the mandated movement restrictions and lockdowns.

As the country transitions to the endemic phase, the survey “Implementation of Work From Home And Work From Office Practices In Response To Covid-19 Pandemic” by the Malaysian Employers Federation (MEF) found that 61.7% of companies planned to continue with hybrid work arrangements.

That’s no real surprise, considering the host of benefits working remotely brings about, particularly in the cost-saving department – according to the study, 78.5% of employers cut down on electricity and utility expenses, while 89.4% of employees saved on transportation costs and 88.6% felt less stressed from not having to commute.

But there’s a bit of a dark cloud marring the upsides that come with working from home – the increase in cybersecurity threats.

Ajay Kumar, Securonix’s director for Asia Pacific, Japan, and Middle East, said that while working from home was a silver lining of the pandemic, attackers are now targeting home users to gain access to business networks.

“When workplaces moved to the Cloud, the only thing that stood in the way of attackers gaining access became a simple user ID and password.

“Attackers discovered that they could target users on their home devices to obtain work login credentials, which is far easier than attempting to hack software.

“All they have to do is gain access to someone’s home system, steal their credentials, and they can now access those Cloud resources from anywhere,” he says.

Ajay Kumar went into more detail about what leaves remote workers vulnerable to threats.

“Covid-19 changed everything overnight. People started working remotely, which meant that organisations were just not ready for the transformation to take place.

“Safety measures and infrastructure had to be put in place so that employees could remotely access enterprise resources, but for a period of time, most employees were just using their personal devices to carry out their work without additional security layers,” he says.

According to Ajay Kumar, this transitional period and lack of infrastructure coupled with a more lax mindset when in a home environment left users unprotected against cybersecurity risks.

“Organisations rely on measures such as firewalls, intrusion protection and other sophisticated security technologies to keep themselves and their employees secure.

“But when at home, some users don’t even bother with updating their router firmware, leaving them vulnerable to exploitation by attackers,” he says, adding that some users tend to share devices among family members, which introduces a new level of risk.

He added that the moment workers moved outside the workplace and started carrying out their day-to-day tasks from home, it opened up more attack vectors for threat actors to take advantage of.

“Their personal lives and professional lives kind of merged together, which meant that they tended to use the same computers for both their professional and personal work. If users were to fall for a phishing attack originating from their personal email, this would also impact their work environment at the same time,” he says.

With the increase in phishing scams highlighted by Verizon’s “2022 Data Breach Investigations Report” – 46% of breaches were caused by such attacks – Ajay Kumar further explained the ramifications of being hit by an attack.

“First, of course, is the violation of an individual’s privacy – with attackers granted access to home networks, they could glean information from devices like computers or even Internet of things (IoT) devices like baby monitors.

“The second would be financial. Attackers could go after Internet banking credentials and credit card information – it’s not uncommon for personal data like this to be stolen and sold on the dark web,” he says.

He emphasised education, noting that many businesses have begun to provide timely information and tools to their employees.

“Education on being able to identify phishing emails and not simply clicking or opening documents from unknown senders is a fundamental step.

“But, beyond that, for those using personal devices, maintain basic security, which means having antivirus software installed,” he advises, adding that, if possible, one should avoid sharing work devices with family members.

Users should also adopt strong passwords and make use of multi-factor authentication where available.