Site Logo

Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Skip to main content
David Smith, CHCIO, CISA
December 16, 2021

A recent report from Hewlett Packard – “Wolf Security Blurred Lines & Blindspots”– identified some alarming trends found in the rise of work from home employees which have the potential to create new vulnerabilities for companies, individuals, and their data.  This report surveyed employees who were currently working from home. It provided insight into behaviors that potentially open the door for cybersecurity threats when working from home:

  • 70% of respondents admitted to using their work devices for personal use
  • 69% are using their personal devices for work related tasks
  • 30% stated that they have allowed someone else to use their work device
  • 27% stated they use their work device to play games. Per the report, there was a 54% increase by hackers exploiting gaming sites in 2020.
  • 36% stated they are using their work device to steam movies and videos


Devices used in a healthcare setting must adhere to the HIPAA Minimum Necessary Requirement found in 45 CFR 164.502(b) and 164.514(d).  This rule states: “The Privacy Rule generally requires covered entities to take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary standard to accomplish the intended purpose.” Allowing someone else to access or view patient information is a violation of the HIPAA Security Rule. Aside from inadvertent exposure by allowing a friend to use your device, working outside of the office also exposes the device to cybersecurity threats.

Cyber criminals are targeting home workers more than ever with a reported 238% increase in attacks since the onset of the COVID-19 pandemic.  The most prevalent vector is an email where the attacker tries to trick the recipient by first – trusting the sender. This is done by the sender “spoofing” or faking the email address and format of a trusted co-worker or manager.  If the recipient can be made to believe their email is legitimate, they will be more successful in getting them to click on a link in the email or by convincing the recipient to download or open an attachment.

Here are a few suggested cybersecurity precautions you should take when working from home and opening emails on a work device:

  • Lock your screen when you walk away – use the Windows Logo Key + the letter “L” on the keyboard
  • Never allow family or friends to access or use your device
  • Do not use your work device to open emails from personal accounts. Links and attachments may not have the same threat review standards that your work email may provide.
  • How to recognize an email that is a phishing email:
    • Bad grammar and spelling mistakes
    • Unfamiliar Greeting or Salutation
    • Inconsistencies in the email addresses, links and email domain names are different
    • Suspicious Attachments
    • Emails or links requesting login credentials, passwords, financial information, etc.
    • Too good to be true – gifts, money, etc.
    • Caught you doing something through the camera on your computer – blackmail

Per Security Magazine (January 2021), 91% of cyber-attacks start with a phishing email. Therefore, employees are the first line of defense to protect against cyber-attacks.