The COVID-19 pandemic has pushed organizations to remote work. Information technology professionals believe that the future of work will be either fully remote or semi-remote (hybrid). According to numerous surveys, the average employee now favors working from home for a few days every week.
As a result of the move to remote work, cybersecurity incidences have risen drastically. Organizations scrambled to organize remote work that exposed them to cybersecurity challenges and attacks. Remote work has continually put pressure on IT teams.
The increase in cybersecurity incidences has been both in frequency and sophistication. A report by Netscout indicates a 15 percent increase of distributed denial of service (DDoS) attacks in the first half of 2020 compared to a similar period last year.
Working from home has its challenges and risks for businesses that lack robust cybersecurity systems in place. Notable threats that have recorded spikes include end-point security gaps and email-based threats. Potential hazards or attack points when working remotely lie in:
- Unsecured Home Wi-Fi Network: The use of weaker protocols on an employee’s home Wi-Fi makes it easier for hackers to access network traffic. Other employees will have access through unsecured public Wi-Fi networks that pose the risks of intercepted traffic and confidential data loss.
- Phishing Attacks and Scams Targeting Remote Workers: Employees are prone to clicking on malicious links and attachments on seemingly legitimate but deceptive emails. Phishing attacks are one of the causes of data breaches.
- Weak Passwords: Simple and insecure passwords make it easier for hackers to access networks and data in no time. If a worker uses a similar password across the board, attackers gain unauthorized access to multiple platforms with potential wanton data loss.
- Vulnerabilities in Technologies: The use of new and inadequately tested technologies poses unique cyber risks. Vulnerabilities in the new remote work technologies are potential weak points targeted using malware. Additionally, third parties’ involvement, such as IT service providers, increases cyber risks in the working environment.
- Use of Personal Devices: With employees working from home, many will be using their devices to complete assigned tasks. Potential security challenges include a lack of customized firewalls, automatic backup tools, and robust antivirus software usually built-in in corporate networks. The risk of infection with malware and loss of data increases exponentially with the use of personal devices.
Even with the easing of COVID-19 restrictions, uncertainty still lingers. Some businesses may choose to work remotely for good, while others have gone for a hybrid model. Facebook and Shopify have their employees working remotely permanently.
Organizations need to understand the new cybersecurity challenges and revamp their strategies to address them. The cybersecurity risk profile of an organization needs thorough assessments and monitoring to manage and mitigate threats.
- Business and IT security personnel must work together to evaluate cybersecurity budgets to prioritize risk management and creating adequate resilience.
- Strategize on the use of unsecured access points. Remote work pushes employees outside of the confines of a corporate network and access points. The danger of an unsecured access point becomes a heightened risk. Employees need the training to be diligent when using devices from home and access Wi-Fi, especially in public spaces.
- Streamline administrator rights and employee credentials. Revise guidelines and requirements on how employees access data and communicate. Access restrictions, improved employee discipline, and robust data loss controls will mitigate risks associated with access and private information sharing.
- Effect changes that improve your technology and security infrastructure. Some stop-gap measures are regularly updating software to have the most recent security patches. The long-term measures may include migrating to more robust systems.
- Set up mechanisms to improve agility in responding to and addressing changes to security programs. Cybersecurity risks are a moving target with many emerging challenges that require special measures in response.
- Enhance cyber awareness and training exercises to track and improve employees’ cyber risk culture, management teams, and IT teams. Remote work introduces new cyber threats that employees need to know and prevent. Role-based training and exercises will help raise awareness, ingrain rules and roles, and report cybersecurity incidents.
- Set up a structured data backup strategy. All sensitive data must be encrypted to limit access by unauthorized persons. Look at diversifying data backup by not relying on a single onsite backup. The 3-2-1 general rule states have three different backups for sensitive information, two other backup formats, and one off-site backup if there is physical damage to office/business premises.
There’s no looking back. Remote work is here to stay, and organizations need to understand how their cyber risk profiles have changed. An overhaul of cybersecurity strategies, training, and exercises is required to address threats and minimize risks. Adopting a zero-trust security mindset is the way to go at a time when attacks are becoming increasingly sophisticated. Great emphasis must be placed on prevention or instead of being safe than sorry.