With an increase in employees working from home, there’s a new set of risks that security executives and teams must address as the workforce moves from physical offices to working remotely.
In 2017, 5.2% of employees worked from home. Since the pandemic, that number is closer to 25% or 30%. Some sectors, such as technology, have effectively gone 100% remote. According to many surveys of executives and office employees, most desire a more flexible working arrangement and believe they’ll continue to work from home one to two days a week in the future.
Implementing a work-from-home strategy has impacted management’s risk environment and corresponding internal controls — from execution controls and virtual private network (VPN) access to assessing the infrastructure changes required to support a large remote workforce.
Here, we’ll outline how cyber-risks are increasing as companies transition to remote work and the ways a System and Organization Controls (SOC) examination for Cybersecurity can help your organization.
Increased risks
With a greater reliance on collaboration tools and technologies for remote workers, there has been a marked increase in phishing attempts and ransomware attacks. In addition, changes in regular operations could mean that standard monitoring controls no longer take place.
Monitoring controls
Robust monitoring controls to counteract these threats are a necessity, along with vigilant oversight from management. Companies should evaluate whether they can still obtain sufficient evidence to verify the operating effectiveness of their internal controls. This includes checking that all monitoring functions remain in effect and documenting them for eventual use as audit evidence.
As a result of the changing work-from-home environment, boards of directors and senior executives of organizations see an increased need to better understand their cybersecurity risks. One solution is a SOC examination, commonly referred to as a SOC audit, for Cybersecurity.
SOC audit for cybersecurity
A SOC audit for Cybersecurity can help provide a reporting mechanism that organizations can use to communicate relevant information about the effectiveness of their Cybersecurity Risk Management Program (CRMP).
This examination provides an independent, entity-wide assessment that gives boards, investors, business partners, and other stakeholders confidence in an organization’s CRMP. This can help organizations better identify and contain potential cyberthreats.

