The move to mass remote working as a result of Covid-19 has presented hackers with a range of new opportunities. More than half (57 percent) of UK IT decision makers believe that remote workers will expose their organisation to the risk of a data breach, according to a recent survey. Big players and established enterprises are not immune either. Even Zoom, a saviour for many organisations over the last year, saw security issues flare up as a result of cyberattacks.
With remote working set to continue thanks to the hybrid models now in place in many companies, cybercriminals will continue to use access points in home environments to prey on unsuspecting organisations. Studies shows that many firms are not taking this issue as seriously as they should. For example, one in five UK home workers has received no training on cyber security.
With hackers expanding their capabilities and intent, the focus on threats needs to shift to ‘when’ and not ‘if’ a company will be targeted. Organisations must remain vigilant and prepared for the unpredictable, ensuring they have the resilience to withstand unforeseen, high impact, and potentially commercially catastrophic events. Proactivity here is key, and by managing risk through some simple precautions, organisations can lessen the likelihood of becoming a victim.
As we creep towards the anniversary of when many UK offices closed their doors, organisations would do well to follow these three simple steps to help protect their networks from intrusion.
1. Refresh employee education
Organisations may have held a workshop or education programme for employees on how to stay aware of potential security risks right back at the beginning of the pandemic. However, due the ever-evolving nature of cyber threats, organisations must continue to refresh communications here.
Employees must be kept updated on the latest scams around Covid-19 and make sure they are on the lookout for phishing attacks – especially if they’re not using company-issued devices, as personal devices may not have the necessary protections in place. They must be trained on the most appropriate ways to use technology, such as being wary of suspicious emails, using more complex passwords, and limiting company-owned devices to work use only.
By making cyber security awareness a top priority, companies can help their employees take the necessary precautions to avoid a disaster occurring.
2. Be vigilant about what devices use the VPN
More often than not, remote workers pose the biggest risk when they use solutions that aren’t owned and centrally controlled by their organisation. For example, if an employee logs in to the virtual private network (VPN) using a personal laptop that doesn’t have up-to-date security patches or is already infected, it could leave the main network susceptible to breaches.
Organisations must ensure connections to the VPN are filtered and can only be made from systems with a baseline security level. Any device that connects to the VPN should have the latest security patches, an active firewall and be equipped with antivirus. It is also crucial to enforce multi-factor authentication (MFA) for anyone connecting to the VPN.
Businesses must ensure their systems are segmented, monitored and controlled with the minimum rights employees need to do their jobs.
3. Find budget for cyber security
In response to the pandemic, many organisations have tightened the purse strings and frozen budgets, making it harder to fund the much needed security testing that experts advise.
It’s critical that IT teams stand their ground and fight for finances needed to perform cyber security testing, so that organisations can identify vulnerabilities and close any gaps before they’re exploited. All the new connections to a network from remote staff pose risks. If an attack or breach were to happen at an already vulnerable time, it could leave an organisation out of business.
Don’t rush the process
A clear plan of action, internally tested on a regular basis to demonstrate robustness or identify potential weaknesses, is an absolute necessity today. IT teams must take on the responsibility of knowing where vulnerabilities lie and protecting sensitive data. Having a structure in place will help businesses react appropriately in stressful situations when time is of the essence and resources are limited.
Employees must be educated on potential security threats and be on the lookout for everything from phishing emails to malware attacks. VPNs must be secured, and IT teams need to push for the resources to run security tests in new environments.
If companies take these precautions, they can reduce the risk of cyber threats. Uncertainties will always remain, but an organisation’s network security shouldn’t be one of them. With workforces continuing to operate remotely at scale in 2021, the focus must be on locking down security to ensure one crisis doesn’t lead to another.