COVID-19 has been a catalyst for change over the past six months. Many businesses have not only introduced remote working measures but also started to take advantage of new technologies that they hadn’t previously considered using until now. It seems that the penny has dropped for many; those who don’t adapt and change now will fail to make it in the post-pandemic reality.
However, while this eagerness to accelerate their digital transformations is commendable, it comes at a cost. Not only has COVID-19 changed businesses digital and technological strategies, but it’s also changed the approach of cybercriminals.
According to the World Economic Forum’s COVID-19 Risks Outlook, 50% of organisations were concerned about increased cyberattacks due to their shift to remote working. This concern certainly had merit, with cybercriminals taking full advantage of hastily implemented digital transformations and a lack of cybersecurity on remote working employee’s devices.
Thanks to the almost overnight surge in employees working from home because of COVID-19, the number of people using business virtual private networks or VPNs, has increased by 165% since March this year. However, while VPNs are designed to increase cybersecurity, The UK's National Cyber Security Centre (NCSC) has found increases in cybercriminals exploiting vulnerabilities in VPNs, remote-working tools and software.
According to a recent study by Deloitte, there has also been a spike in phishing, ransomware and Malspam attacks, with a reported 600% increase in phishing emails since the end of February. Cybercriminals are using the pandemic as bait to impersonate brands and mislead both employees and customers into sending them data and funds. Cybercriminals have also tricked end-users into downloading ransomware, disguised as legitimate COVID-19 related applications and attachments.
It's now entirely possible for cybercriminals to gain access to sensitive personal and business data by exploiting the cybersecurity vulnerabilities of an employee's home network or email account. Unfortunately, that’s not all. With many cybersecurity teams currently dispersed due to COVID-19, the detection of malicious cyber-attacks and the subsequent response can be delayed; giving attackers additional time to hack systems and software.
To address these new challenges brought on by COVID-19, a new approach to cybersecurity will be required for many businesses to ensure maximum protection during the pandemic and beyond. With remote working, increased used of cloud-based services and dispersed security teams, change is needed to ensure full protection whilst also providing a positive user experience by all. Here’s some practical suggestions on this can be achieved to help business leaders prepare for this new reality.
Cybercriminals are often able to infiltrate businesses by taking advantage of trusting employees who have received little to no training on cybersecurity threats. This lack of education and understanding increases the likelihood of them unwittingly playing into the cybercriminals hands by opening phishing emails and downloading malware.
As more and more employees are now working from home and apart from their colleagues, this makes them even more vulnerable to the risk of cyberattacks. So it’s imperative for business leaders to start investing in cybersecurity training programs moving forward to increase employees awareness and to help them spot potential attacks more easily. This can be a simple yet effective first line of defence which can lower the number of cyber-attacks considerably.
A clear process of what to do should they spot a possible threat or receive a suspicious email should also be in place and communicated throughout the organisation.
With remote working set to continue for many moving forward, the first and arguably biggest priority for organisations now should be to increase the security of their remote worker’s devices and home networks.
Employees should be encouraged to use VPNs for enhanced security and data encryption. These can be given additional protection via strict authentication and encryption methods, as well as limiting access to only those who need it. Audits of remote workers home devices and networks should also be carried out to pinpoint potential weaknesses such as weak passwords.
Businesses have become reliant on collaboration apps such as Zoom and Microsoft Teams during COVID-19, but these can also provide a gateway to cybercriminals. There have been several instances in recent times of cybercriminals gaining unauthorized access to sensitive. video conference meetings. To prevent this from happening, ensure all employees check meeting links, lock meeting rooms and use blurred backgrounds to hide sensitive information.
A recent IBM study found that the average cost of a single data breach is $3m. With a figure like that, it’s hardly surprising that so many organisations want to strengthen their data defences right now. An option that has seen considerable growth over the past six months is zero trust security policy.
Zero trust security policy requires strict identification verification from anyone attempting to gain access to data, infrastructure or resources on a network, regardless of whether they are inside or outside of the network perimeter. Another bonus is that it can be set to give users only as much access as they need, which can minimise their exposure to sensitive data on the network. By assuming that everyone is an attacker, this policy can effectively provide additional protection against endpoint compromises such as phishing and malware.
It’s abundantly clear that in this new post-COVID-19 reality, business leaders will have no option but to change their cybersecurity management measures. As we change how we use technology in response to the pandemic, the ways in which we protect data and sensitive information should change with it.
By developing fresh policies and security measures with remote working, new technologies and potential cyberthreats in mind, working from home can be just as secure as working from the office.