What is it about?
Is Work-From-Home (WFH) really bad for enterprise cyber-security when compared to non-WFH? Empirical statistics and market studies (obtained from surveying a few companies) on the number of enterprise cyber-incidents (with potential financial consequences) during the peak COVID period suggest/hint that WFH degrades the security of enterprises. In this paper, we strive to mathematically prove/disprove this "conjecture" for a general enterprise, backed up by real-world enterprise data and large-scale computer simulations (that alleviate generality drawbacks of empirical and market survey studies). As our main result, we surprisingly prove (against conventional intuition) that enterprise cyber-security is not necessarily worse in WFH environments when compared to non-WFH environments.
Photo by Nelly Antoniadou on Unsplash
Why is it important?
Our research is unique because it is the first work in mathematical economics of cyber-security that formally proves (over a broad family of enterprises) that WFH is not necessarily detrimental to enterprise cyber-security (when compared to non-WFH). It is extremely timely given the 'forced' push during the peak COVID time on employees to WFH. The research is extremely important to enterprise management (including the board) to decide based on cost-benefit tradeoffs whether to push for employees getting back to office post-COVID (at least on the dimensions of improving cyber-security and cyber-resilience). This, given that employees around the globe are increasingly preferring WFH to better balance out work and home activities.
Read the Original
This page is a summary of: How Suboptimal is Work-From-Home Security in IT/ICS Enterprises?
A Strategic Organizational Theory for Managers, ACM Transactions on Management Information Systems, February 2023, ACM (Association for Computing Machinery), DOI: 10.1145/3579645.
You can read the full text:
The following have contributed to this page