While working remotely has a number of benefits and seems to be the way forward for many, it does not come without its own set of caveats. Cybercriminals are taking advantage of this move to home-working, by using staff as easy points of entry to a business’s data, writes Bernie Marolia, pictured, Sector Director for Enterprise, NEOS Networks.
Businesses need to be swift in ensuring that their network and data are secure. However, protecting home-based networks in the same way you would in the office is almost impossible. One way to work around this is to consider securing endpoint devices, owing to the growing need to have the workforce acting as a first line of defence. Whether it is through policies for using personal devices safely or by deploying anti-malware and password management tools to protect them – it’s important companies are looking into the options available to them.
Given the uncertainty that has plagued our lives in recent months, people are undoubtedly looking to remain abreast of the latest COVID-related updates. This need to remain informed has been identified as a vulnerability that can be easily exploited through phishing emails disguised as informative COVID-19 news updates. In fact, according to Kaspersky, 25 per cent of employees surveyed say they’ve received phishing emails disguised as pandemic updates. On the flipside, 75 per cent of those surveyed said that they haven’t received adequate training on cybersecurity best practices when working from home. Shockingly, only half of them are using devices that were provided by their employers, or a secure VPN.
Organisations have also approached the installation of remote tools with haste. Installing these tools comes with its own set of issues. ‘Zoombombing’ is a prime example of this. This term, which was virtually unheard of pre-pandemic, describes an unwanted intrusion in a video conference. With a great amount of sensitive information being discussed using these collaboration tools presently, there is always a very real possibility that this information can be compromised.
Connectivity and VPN capacity is also struggling to keep up with the demands of a mass remote working culture. This is leading some to push employees towards unsanctioned systems just to get work done. Systems that can often lead to leaks and ingress.
Threats by sector
On top of issues that are relevant to all sectors, there are also sector-specific challenges to be mindful of. Retailers, for example, will need to continue to manage the consequences that arise from reduced in-store customer contact, focusing instead on their eCommerce channels. This means having a secure network that can manage increased traffic and offer digital payment options and clearly defined contactless delivery services that meet consumer demand. The finance sector faces similar challenges. A large fraction of their workforce is now operating via home-based ‘contact centres’ where agents must continue to manage highly confidential information. For staff working remotely, keeping control of personally identifiable information (PII) will be extremely important, as this is a prized target for threat actors.
As with any transformation that happens as swiftly as this has, these changes will have a significant impact on cybersecurity. Organisations will therefore need to respond appropriately to the new challenges that are surfacing. The workforce has had to adjust to this new way of working and cybersecurity is, understandably, not one of the first factors that they would have considered when stepping into this new lifestyle. An additional risk comes from sharing devices with family members, leading to additional ways that sensitive data can be compromised. It’s important to put in place appropriate tools and training to minimise risk. Home workers need to have the support necessary to complete tasks, without adding to their workload.
Keeping your business secure
Being aware and receptive to cybersecurity fundamentals will be key in protecting businesses from bad actors in the current environment and beyond; providing secure, managed VPNs, with one-click access is a good place to start. This should be paired with the agreed delivery of cybersecurity training for the workforce, helping them better identify suspicious emails and malware. Where possible, businesses should also deploy device management systems so that should employees need to use their own device, tools are in place to separate and gate work data from personal data.
Cloud-based applications and services can also alleviate risk by safely securing data away from physical devices and ensuring it can only be accessed through end-to-end encrypted connections. Businesses may also want to implement a cloud-based single sign-on service to add an extra layer of protection, filtering out obvious attacks like password sprays and spotting compromised accounts.
The challenge of the new network edge has been growing over recent years and is even harder to secure given the current circumstances. This means network security must be at the heart of a business’ IT strategy. The combination of technical tools and employee training is key for operational resiliency.
All these elements require a dependable and secure network, from the data centre to the public cloud to the end user. That means high-capacity connectivity between sites and VPN points of presence, as well as private connections to cloud providers and platforms. Networks are no longer just key to business operations; they are often critical to their very survival.
