How has Work From Home affected Insider Threats?

Today I read an article that by Tripwire, who specializes in cybersecurity. The author does a great job of covering several topics, most of which are beyond the scope of this post. For example, I found it interesting that it indicates that the cost-of-living challenges may be a current precipitant for a14% rise in reports to the Insider Threat Database (ITD).

I highly recommend that you check out the article in full.

While I definitely endorse that article, it got me thinking about how work from home affects many business risks. I'll reference a few websites but largely I'm going to speak from what I have seen since Covid (2020 or so).

The Skinny

In my view, work from home doesn't add anything unique to the risk equation for businesses, at least in terms of employee malfeasance. There are simply different emphasis on specific concerns.

In general, some businesses (not all) have had more difficulty monitoring employees who work from home. Unsurprisingly, aside from traditional work concerns (like productivity), this type of work can also increase skullduggery for the simple reason that no one is watching.

Risk Factors

As we have written about previously, the most commonly cited risk factors for employee embezzlement (or a simple misuse of company funds) are:

1. Pressure - also may be described as financial need
2. Rationalization - also may be described as treatment perceived as unfair
3. Opportunity - this prong is almost universally referred to as "opportunity"

As discussed, risk factors 1 and 3 are the most critical. Most people can manufacture a rationale. As you can easily see, if risk factor 1 (pressure) is present or increased by a rise of cost of living as suggested by the Tripwire Article, then number 3 becomes paramount.

[As an aside, our proactive practice focuses on number 3. Even if the other two factors are there, most people do not misuse company funds if there isn't a good opportunity to do so. In other words, most people do not go out of their way to steal. They'll do it in the right circumstances, of course. And those employees who are purposefully looking to get unlawful access to your funds, well, are bad folks who will receive their own article in future writings.]

Unique Risks with Work From Home

Here two of the areas in which I have seen issues specifically arising from employees working from home:

1. Remote work setups typically rely on virtual private networks (VPNs) and cloud-based collaboration tools to facilitate communication and workflow. While these technologies offer convenience, they also present security vulnerabilities if not properly configured and secured. Weak passwords, unsecured Wi-Fi networks, and inadequate encryption can all create entry points for outside fraudsters to exploit, or for employees working with outside bad actors. In one situation I am thinking of, an employee clicked on a phishing email and provided his login information for the VPN. Things went downhill from there.
2. In most medium-sized firms, there are often areas with walled-off access. Either a door locks, or there are keycards or other forms of authentication in order to be able to physically enter certain areas. That isn't always the case with VPNs and electronic access. Sometimes, there are backdoors and access to things that normal employees wouldn't normally have access to. In one specific instance that I am thinking of, an employee gained access to the accounting department simply by clicking on a specific server when working from home. The access had unintentionally been left by whoever set up the system. This may happen when an IT staff is overworked, inexperienced with VPNs or simply ignorant of the issues.

Other Factors are Still Relevant

As always, all of the ways in which in-person business is risky is likely still risky when done remotely. For example, if one person can sign checks (two signatures are not required), then your business is vulnerable whether the accounting personnel is at home or in the office. If one person is responsible for the books, your vulnerability is inversely tied to the skill, attentiveness and integrity of that person, regardless of location.

Final Thoughts (for now)

We are still new to the post-pandemic world in which the typical office environment is hybrid in-office and at home. At this point, there does not appear to be an appreciable difference in risk for employee malfeasance at one location over the other. Still, steps should be taken to minimize the risks of employee theft, misappropriation, or embezzlement. And we can help! Call with questions or to just discuss your situation with a free initial consultation.

 

This post originally appeared on LinkedIn.