Covid-19 has drastically changed the working environment in all corporate environments all over the globe. Working from home has become the new normal, creating a cybersecurity threat in the process.
To know how mandatory work from home during the pandemic has led to an increase in data theft in 2020, let’s look at some events that took place this year.
Rising Cybercrime Levels in 2020
Companies with good cyber and network security systems are less prone to cyber-attacks. But at the same time, many corporates were not aware of the risk involved in connecting remotely.
William Altman, a Senior Analyst at Global Cyber Centre, NYC, said that all kinds of organizations face the risk of endpoint security gaps, email-based threats, and other problems resulting from an unplanned switch to a remote working system.
This year, in particular, has seen an uptick in cyber crimes across the board. According to a Microsoft report, ransomware groups targeted a wide range of industries in April 2020, like education, transport, medical manufacturing, and government institutions.
The Czech Republic registered a cyber attack on the IT network of Brno University Hospital this year as well, compelling them to shut down the system.
To this end, cybersecurity has become the most critical task, taking into consideration ethical-hacker perspectives and security practitioners.
Factors That Increase Your Vulnerability to Cyberattacks
Using best practices for your data safety is easy in the office; however, many employees overlook these security measures when at home.
The three main concerns affecting security threats and hazards of remote work are:
- Home WiFi Security: Even though the company’s IT managers can control all WiFi networks’ security, the protocols of an employee’s home networks could be weaker. For example, they may have a WEP setting instead of a more secure WPA-2. These mistakes in personal WiFi increase its vulnerability for hackers.
- Phishing Scams: One of the leading causes of a data breach is a phishing attack. Hackers send deceptive and seemingly legitimate emails containing malicious attachments and links. Once an email receiver clicks on the link, the hacker gets access to the user’s device.
- Insecure Passwords: Simple passwords can be hacked easily, creating a threat to the employee’s device’s data store. If the employee uses a simple password for multiple accounts, the hacker gets access to all those accounts in case of an attack.
In this pandemic situation, work from home has become almost mandatory. As a result, businesses must ensure the security of every device.
Indications of Cybersecurity Threats
The first step towards battling the significant surge of cybercrime is to know the signs. Organisations could identify cybersecurity breaches via the following indications:
- Sudden slow-down of computer.
- Strange pop-up advertisements on the screen.
- New programs and software that haven’t been installed appear in the system.
- Abrupt loss of control of the keyboard or mouse.
- In the scenarios mentioned above, employees must immediately inform the company’s IT administration team to safeguard the data.
Practices Needed to Prevent the Data Breach Threat
Being on top of updates is necessary to avoid weak spots for hackers to exploit. The IT department must ensure that all the software used in the employees’ day-to-day working environment is up-to-date and patched.
Regular Risk Assessments
Perform vulnerability assessments to review and address the changes or new data protection risks. Ensure complete safety for employees in aspects like data protection, data storage, and remote access. Additionally, procedures and policies must be adequate for data protection.
Ditch the VPN
Organisations must adopt cloud-agnostic and scalable network security solutions instead of hardware-based legacy VPNs.
These VPNs can create security threats to the remote working environment. They cannot effectively secure policy-based remote access to hybrid cloud environments, on-premises, and business applications.
Staff Training and Awareness
The IT support team can train your staff about the procedures to follow for data security, the importance of following data security norms, and the loss anticipated in case of cyberattacks.
Encryption and Data Backup
Ask staff members to encrypt their personal data on company-issued laptops and systems. Instead of using data tapes, personal data can be stored using remote services, with the internet’s help.
- Leader Insights | Cybersecurity essentials with CISO Jordan Schroeder
- Report | Employee mistakes cause almost half of cybersecurity incidents
- Businesses hit with six-fold increase in cybersecurity losses over the past year
Regular Risk Assessment
Perform vulnerability assessments to address and review new risks and data protection changes. Consider aspects like remote access for employees and data storage to determine if the procedures and policies are appropriate.
Third-Party Data Security Evaluations
Organisations can employ a third-party agency for risk evaluation to ascertain the outside view and provide an objective assessment of the current breach risk. These agencies can advise each company’s specific solution for minimising the risk associated with the data breach.
It is expected that even after the pandemic subsides, people would not be willing to work from the office every day of the week. This means that a combination of work from home and in-office work would be the new normal.
In such situations, maintaining cybersecurity for employees that work from home is set to be a crucial task for organisations going forward. And companies must take every opportunity to educate their employees about the relevant cybersecurity risks to safeguard their data.
Adrienne Campbell is a security consultant and holds a BS degree in Cyber/Computer Forensics and counterterrorism from the University of Illinois, Chicago.