Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Cybersecurity in home-office environments: An examination of security best practices post Covid
University of Skövde, School of Informatics.
2023 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

The rapid growth of remote work has brought new challenges in ensuring cybersecurity in home-office environments. Based on a structured literature review and semi-structured interviews with industry professionals, this study investigates and identifies cybersecurity best practices for home-office environments post Covid and aims to fill existing research gaps by providing valuable new insights. Ultimately, the findings can support organizations and individuals to improve their cybersecurity posture when working from home. 

The findings from the literature review and interviews were merged and presented as consolidated themes, being the main results and contributions of this thesis. Furthermore, the results are reviewed in comparison to two well established standardized frameworks, ISO270001/2 and NIST CSF. The results highlight the importance of implementing easy-to-use functions for employees to report phishing attempts, avoid shaming those who have fallen victim for phishing  attacks and instead learning from their gained knowledge, reviewing and updating VPN configurations to withstand attacks specifically targeting VPN connections, enforcing as much security as possible and including what cannot be enforced in awareness raising programs and training, implementing Multi-Factor Authentication (MFA) via authenticator apps instead of via text-message based methods, and comprehensive security awareness training that is up to date with current trends in cyberattacks and risks. Physical security aspects differ between on-site offices and home-office environments and companies need to take this into consideration and raise awareness to their employees on the risks with working from home. Furthermore, companies need to raise awareness about the risks of using outdated or unsecured devices for work, plug-and-play devices such as routers with pre-configured passwords provided by network providers, and co-living scenarios such as flatmates overhearing sensitive work calls. 

While the reviewed frameworks include guidance in terms of controls for remote work, they do not address the specific case of home-office environments. Existing best practices predominately focus on remote work and while many of them can be useful for home-office work, they are two different strategies and thus differ in terms of risks and threat landscape. With the undeniably huge impact Covid has had on work life, sending complete workforces to their homes, best practices need to be updated by taking the specific challenges of home-office environments into account. 

Since the cyber threat landscape and attack methods continuously change and adapt, conducting an impact assessment of this study’s findings to evaluate their long-term effectiveness and sustainability would be a suitable suggestion for future work to extend this research. 

Place, publisher, year, edition, pages
2023. , p. 53
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-22939OAI: oai:DiVA.org:his-22939DiVA, id: diva2:1779054
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
Supervisors
Examiners
Available from: 2023-07-03 Created: 2023-07-03 Last updated: 2023-07-03Bibliographically approved

Open Access in DiVA

fulltext(923 kB)621 downloads
File information
File name FULLTEXT01.pdfFile size 923 kBChecksum SHA-512
6cd0f7306f009e7317d12aca5f27f6419ddb4356f2ead1cf9514637e03bc8d61ea578dc29f9eafaf5203fade996f71f47112772a6f9015314d45fe4c21370f4d
Type fulltextMimetype application/pdf

By organisation
School of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 621 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 2071 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf