by Tim Rowan, Editor
An analysis of responses to our survey indicate that letting, or forcing, some staff to continue working from home if and when the COVID-19 pandemic eases is an attractive idea to many of our readers. Here is a summary of your answers and some representative comments. Following our report, read on for some pertinent excerpts from a warning issued by NetMotion, the Seattle-based company that provides security and continuous connectivity software for mobile workers. (Due to rounding, results may not always equal exactly 100%.)
The demographic breakdown of survey respondents was:
Medicare HHA: 38%
Private Pay, Medicaid, MCO home care: 33%
Technology company: 19%
Consulting firm: 10%
Other (staffing agency, event producer, DMEPOS company, palliative care): 12%
Yes, all are back: 18%
Yes, some are back: 38%
No, all who went home are still working at home: 26%
No, we will eventually bring everyone back: 11%
Maybe, we are discussing; no decision yet: 18%
Yes, it is working; we will allow certain office staff to work from home indefinitely: 15%
It is working so well, we will encourage work from home for all office staff for the foreseeable future: 11%
Complicated decision, explained in comments section: 3%
Not going back to "normal" any time soon? NetMotion security expert Mark Chisholm has published a warning on the company's blog site, titled, "Remote employees are dangerously exposed to risky content."
As our survey found, working from home has become a reality for many home health and home care providers, and hospice and palliative care organizations. This puts pressure on IT and security teams to ensure that employees not only remain as productive as possible, but also that they keep themselves and protected health information as secure as possible.
Do remote workers pose a greater cybersecurity risk than their counterparts at the office?
From Chisholm's blog:
"NetMotion recently aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis, which is derived from data gathered between May 30th – June 24th, 2020, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites.
"All of these sites were visited on work-assigned devices while using either home or public Wi-Fi or a cellular network connection. The data also revealed several primary risk categories, which were identified using machine learning and based on the reputation scores of over 750 million known domains, more than 4 billion IP addresses and in excess of 32 billion URLs. The assumption is that a large number of employees connected to [an employer's] protected, internal (non-public) network would have been prevented from accessing this risky content."
Botnets: URLs or IP addresses found to launch attacks, including DOS, proxy jacking, spam messaging, SQL injections and others.
Malware: malicious content including executables, drive-by infection sites, malicious scripts, viruses, trojans and code.
Spam and adware: sites that illegally track or gather information, generate popups or install programs without the user's consent.
Phishing and fraud: sites posing as a reputable site, usually to harvest personal information. Sites are often short-lived
Note: Even if a site is suspected of hosting malware, it does not necessarily mean that the worker downloaded malware to their device. The same applies to other threats, such as phishing; the fact that an employee visited a risky site associated with phishing attacks does not mean that the target's credentials were necessarily exposed.
©2020 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Home Care Technology: The Rowan Report. homecaretechreport.com One copy may be printed for personal use; further reproduction by permission only. email@example.com