Is working from home to be blamed for the rise in cyber attacks?
2020 was a year of uncertainty, forcing most businesses to adopt a “work-from-home” approach as the new norm. Unfortunately, many businesses, especially smaller businesses lack proper cybersecurity. This allows cybercriminals to quickly identify vulnerabilities in businesses as employees are working remotely.
According to the 2021 State of Phish annual report from Proof Point, an enterprise security company, ransomware and phishing attacks incidents have seen a global increase of approximately 60 percent. Ransomware is a scheme where hackers hold ransom of your systems or data assets. In 2020, more than 60 percent of survey respondents stated that they have experienced ransomware incidents at work. More than half of the respondents have reportedly paid the ransom in hopes of retrieving access to their systems and assets quickly.
Approximately 80% of public and private-sector organisations here ascribed recent rise in cyberattacks to the new work-from-home arrangement, according to a report by software company VMware.
With more employees working remotely with their internet connection and devices. the COVID-19 pandemic certainly did play a role in the increase of cybersecurity attacks. However, according to most experts, for organisations to keep their networks and systems secure, training must be given to employees frequently to educate them in spotting hacking attempts, thus preventing cyberattack incidents. In addition, security solutions such as endpoint and email protection must be in place as well.
Before the work-from-home arrangement, businesses are able to mitigate common cybersecurity risks through a firewall, employee training, and separation of work and personal devices. However, with the current remote working arrangement, putting up cybersecurity measures becomes a challenging task for IT departments.
Here are the top few cybersecurity risks organisations face with remote work:
Cybercriminals usually exploit unsafe network connections to gain access to personal and business data. With employees working remotely now and accessing corporate assets through their own network connection, cybercriminals will find it easier to penetrate through the defenses.
Home networks with poor security configurations present opportunities for cybercriminals to intercept the traffic that goes through that network. Public Wi-Fi networks are worse as they usually lack protection and safety measures unlike secured corporate Wi-Fi with multiple mitigation measures in place.
While Employees work remotely, the lines between their personal and professional lives may cross at times.
Most personal devices are not protected by strong security measures unlike the corporate devices in the office. Thus, this attack vector may potentially expose the corporate network to the risk of a breach.
Employees may possibly sell sensitive corporate information to third parties as well after leaving the organisation as they had access to its data from before.
Employees are able to approach their IT department easily to get matters resolved when working in the office. However, when working from home most employees rely on the Internet for answers to their technical issues to stay productive which usually are not as reliable.
Working with these answers and solutions found from the Internet bring risks that remain unknown to the business as they were never approved by the IT department. Shadow IT applications may require permissions that allow these applications to gain access to sensitive corporate information.
Human error is one of the common ways that cybercriminals use to leverage on to infiltrate into otherwise secure systems. A simple mistake by an employee such as clicking on a phishing link or using unauthorized personal devices or applications could expose the organisation to cyber risks.
Mitigating Cybersecurity Risks of Remote Work
Fortunately, there are measures to mitigate the risks that follow from working remotely. Some of the solutions and best practices any organisations should adopt include:
- Create policies and guidelines for employees working from home. Policies should be strictly adhered by and include the devices they have access to
- Remind employees to keep their devices updated and patched
- Ensure endpoint protection such as anti-virus software is installed.
- Protect your weakest link from clicking malicious email by onboarding email protection solution.
- Opt for a cloud infrastructure for better security
- Provide a secured access by setting up a VPN for employees' access to corporate network
- Craft a cybersecurity training programme to educate employees on the best practices to adhere while working from home, how to identify social engineering attacks, and the necessary steps to protect themselves
- Consider periodic email phishing simulations to identify repeated offenders and high-risk targets.
- As part of Enterprise Risk Management (ERM) strategy, cyber insurance may be a final piece in your puzzle to complete.
- Cybersecurity measures must be reviewed regularly.
The pandemic had caught many companies off guard, having to deal with the new norm of working from home. This has resulted in the drastic increase in cyberattacks. Today, businesses are adapting and embracing the benefits of working remotely.
However, the risks that come along with working remotely, also means a demand in the need of new mitigation measures, tools, policies and practices that lowers the risk of exposure to cyberattacks.
With the implementation of security measures such as firewalls, VPNs, anti-virus, anti-phishing tools and employee education, businesses will no doubt be more secured and safer from cybercriminals.
Cyber security solutions for your considerations: