How to manage cybersecurity risks when working from home
Businesses face a three-pronged threat to their IT systems as employees work remotely during the COVID-19 crisis
At present, businesses of all sizes are facing huge upheaval to their normal business processes, functions and operations. These fast-changing times have brought about an array of new challenges for businesses, with many organisations forced to quickly implement remote working solutions to ensure business continuity. That’s not to mention the ever-present cyber threats facing organisations.
In fact, with larger numbers of employees working from home and across various devices, it has never been more important for companies to consider the issue of security. There are three distinct areas of enhanced risk which businesses must address during the coronavirus pandemic.
1. Ongoing IT system and infrastructure maintenance
While efforts have been focused on enabling employees to work from home, IT areas that were deemed as high-risk prior to the COVID-19 outbreak, remain a risk or are at even higher risk now. With the majority of employees working remotely, there is a tendency to forget that these workers are still all connecting to core business applications and systems to carry out tasks and do their jobs. These applications are dependent on infrastructure such as servers, networks and firewalls, all of which work together to host secure connectivity for employees and customers.
Any system failure or attack on the company IT infrastructure has the potential to lead to significant IT downtime, greatly compounding the current crisis facing businesses. In the event of a core system failure, all remote working staff would be cut off and entirely unable to work, having an organisation-wide impact on productivity, customer service and service delivery. Furthermore, the time it would take to procure and replace infrastructure is greatly increased due to the current situation. The restriction of movement of people and the severe impact on supply chains could lead to prolonged, costly and potentially catastrophic system downtime.
2. Unsecure remote working solutions
Additionally, a greater risk is posed by remote access systems which have been set up with the mindset of: “get it working now, worry about security later”. However, now is the time for businesses to prioritise the security of their remote working solutions and consider factors such as:
· Authentication - Is my business using two-factor authentication for access to a secure VPN? Or, is a free, quick and easy remote access solution in place with untrusted and unsecure access controls?
· Devices - Are my employees equipped with company devices with encryption, antivirus and a managed vulnerability and software patching service, such as Novi PatchGuard, installed? Or are users accessing the company network and data from home PCs and laptops with unmanaged security and which are shared with other family members?
· User awareness - Has my business provided refresher security training to all employees? Do we have the safeguards in place to counteract the fact that people will not have the same levels of cybersecurity awareness and discipline at home?
Organisations need to consider all of the devices used to access their network and equip staff not only with the tools they need to securely work from home, but also the knowledge to identify and respond to cyber-attacks.
3. Increasing cyber attacks
Current reports indicate that thousands of new COVID-19-related malware and scam websites are being registered daily. In March, the World Health Organisation reported double the usual number of cyberattacks on health organisations across the globe. Whether or not employees are less alert to threats when working from home, cybercriminals are banking on this and developing thousands of new scams to exploit this attitude.
Tailored coronavirus scams which feed into people’s fears about the pandemic, also inevitably heighten the risk of a potential breach. The subsequent reputational damage and cost implications of such an attack and loss of data would be amplified in the current climate and could be a critical blow for many businesses.
These are unprecedented times and for many businesses, their very survival is at stake as they adapt to entirely new circumstances. While organisations are vulnerable right now, it is important they don’t take risks in relation to security and neglect the ongoing upkeep of their IT or cut corners on securing remote working solutions. An attack or failure of core systems that would take all employees offline could even prove fatal for businesses.
At this time, it is vital for companies to continue to heed the advice of their IT manager and remain in contact with their IT specialist. By carrying out a fresh risk analysis and review of critical infrastructure, they can develop and implement IT plans to help mitigate the enhanced risks posed by the COVID-19 crisis.
For advice on secure remote working please contact Novi.