Unseen Security Risks from Shared WFH Machines

There are many pitfalls that can present security risks to companies that employ employ work from home (WFH) staff. A personal machine that is unmonitored is an easy target for a bad actor, and even one that is monitored and partially controlled can be difficult to adequately secure.

For example, it recently was found that a popular computer game from Amazon Studios called New World had a major security flaw. As noted in this article, the game was capable of executing HTML code via the chat box function. Simply by hovering over an infected message, a user could unknowingly open his/her computer up to downloads and scripting. This, of course, could lead to a multitude of security risks including malicious executions, etc.

“But employees aren’t playing video games at work…”

…An executive may say. Hopefully, this is true. Unfortunately, the problem doesn’t necessarily end with logging out of the game, or even logging out of a remote session. Once a machine is infected, the aftermath can be unpredictable. While much of the world’s malware is intended to immediately and noticeably infect a machine—for various reasons, including technoterrorism, monetary gain, and others—some of the more insidious malware just listens and records. Activities and keystrokes can thus become part of a large data dump which can then be parsed and analyzed via forensic applications. And sold. Suddenly, any passwords and sites visited—including company portals and VPNs—can become a set of major security risks.

Even worse, a personal computer may be shared with or without a company’s knowledge. Jim may be a great human firewall, cognizant of phishing and a master of completing security training, but Jim’s kids probably aren’t as diligent. As such, little Jimmy or little Jenny could be playing New World or clicking into malicious sites or a thousand other activities that may put a computer at risk. And, to repeat myself, once one computer on a network is at risk, an entire IT architecture will be facing increased security risks.

How To Protect Your Company

Step one for safety can be creating policies that prevent the above hypotheticals from happening in the first place. We outlined some remote work risks in this and this blog article. Taking a look at those checklists and then an honest assessment of your company’s IT WFH security risks can be a great start.

Step two might be budgeting and planning for company resources to be utilized for WFH employees. This can be done safely, but it requires monitoring and access controls that may not be possible with personally owned machines.

Additionally, we are now recommending to all clients to utilize Multi-factor Authentication (MFA). We recommend Duo MFA due to pricing and utility, but there are other options available. MFA is a great last defense in the event that credentials are compromised.

Where Certified CIO Can Help You

If you’re not sure where to start, our security and IT management services can provide a stalwart defense against the bad guys. Whether through development of policy, updating aging IT architecture, or getting your business in compliance with bureaucratic requirements, our team of experts work every day to solve IT pain points for businesses and organizations just like yours. CONTACT US and we’ll be in touch!

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

Unseen Security Risks from Shared WFH Machines

“But employees aren’t playing video games at work…”

How To Protect Your Company

Where Certified CIO Can Help You

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666