Cyber security: Why the biggest WFH risk actually comes from employees 

Written by Beth Gault Tuesday 07 February 2023
The National Cyber Security Centre has called cyber crime the “most significant threat facing citizens and small businesses”. More employees working from home leaves businesses and their supply chains more vulnerable. Here’s how leaders can stay vigilant
A malware warning

Cyber criminals are motivated by two things, according to Mike Wills, co-founder and director of policy and strategy at CSS Assure: making money and not getting caught. 

They also have three main approaches to getting that money:

  • stealing personal data and using it to access money, take out credit, or be sold on the dark web;
  • a “man in the middle” attack – intercepting communications so that money or data is sent to them; or 
  • holding systems or data to ransom, like in the recent Royal Mail attack.

Whether in the office or at home, these methods are much the same. However, with remote working, there may be increased opportunities for them to take place.

There was a 31% increase in the average number of attacks per company between 2020 and 2021

Accenture, “The State of Cybersecurity Resilience 2021”


“When you go into a workplace, you tend to put your business head on,” says Mike. “You might have a clear desk policy, if you walk away from your laptop you should be logging out, you’ve potentially got an in-house IT department who will be making sure your device is secured and up-to-date and therefore less vulnerable to attack.

“But working from home, you haven’t gone through that same psychological process of walking into the office. You might get more distracted or be more relaxed.”

This, Mike suggests, leaves businesses more vulnerable, unless they can find ways to stay vigilant in the age of hybrid working.

It’s also important for managers to be mindful that this risk is also present along your supply chains – and it’s on the rise. Successful breaches via an organisation’s supply chain were up from 44% in 2020 to 61% in 2021 according to Accenture’s The State of Cybersecurity Resilience report. In this respect, the National Cyber Security Centre – a part of GCHQ whose mission it is to protect various aspects of UK society from online harm – highlights the importance of maintaining a dialogue with your suppliers, who may also have employees working remotely, about setting and communicating your minimum security requirements. 

Keep reading for three simple steps to protect your business from cyber threats


If you are already registered as a CMI Friend, Subscriber or Member, just login to view this article.

Confirm your registration

Login below to confirm your details and access this article.


Please confirm that you want to switch off the "Sign in with email" remember me feature.

Register for Free Access

Not yet a Member, Subscriber or Friend? Register as a CMI Friend for free, and get access to this and many other exclusive resources, as well as weekly updates straight to your inbox.

You have successfully registered

As a CMI Friend, you now have access to whole range of CMI Friendship benefits.

Please login to the left to confirm your registration and access the article.