In this article, we explore the impact on this new working from home culture on business’ cybersecurity, the new challenges posed, and what businesses can actually do to fend off hackers’ idle hands.
Before Covid-19, remote working was somewhat of a luxury – a ‘nice-to-have’ reserved primarily for ‘knowledge workers’ and a bargaining chip in job offer negotiations. It was rarely considered a business imperative or vital employee need. According to data from the Office of National Statistics, just 5 percent of the UK’s 32.6 million active workers (1.7 million) regularly worked from home in 2019. But with coronavirus forcing people back into their homes to stem the spread of the virus, working from home quickly became our new reality, with many more millions relocating to makeshift home offices.
And so, we saw an unprecedented reliance on technology to keep us connected to employers, employees, partners and suppliers – among many other things. We set a new ‘baseline’ in today’s digital era – one in which videoconferencing, messaging platforms, and mobile devices kept operations running for businesses of all size and sector. Data from Ofcom details how use of popular videoconferencing service Zoom grew by a whopping 2000 percent between January and April this year. What’s more, according to the same data, more than seven in 10 UK citizens are now making video calls at least weekly – up 35 percent from pre-lockdown.
However, with increased connectivity comes increased vulnerability in the online realm. The longer we spend online, and the more technology we use, the more chances we give hackers to try their luck to infiltrate our network and devices. Cybercriminals have taken advantage of this shift in working habits for their own gain.
On high alert
Cybersecurity was already high on many businesses’’ agenda before Covid-19. The introduction of GDPR served to underline just how much some organizations were playing fast and loose with customer data, as evidenced by the hefty fines doled out to the worst culprits. But now, we’re arguably seeing even more breaches than before the pandemic – which is not surprising given the number of people working from home.
What that means is that hackers (individuals, competitors, or even state-sponsored at times) have an easier time accessing corporate information, as it is now being stored and used on unsafe networks in employees’ homes. These cyberattacks have taken many forms.
The World Health Organization (WHO) reported a fivefold increase in cyberattacks during the pandemic. Hackers tried to direct attacks at the WHO’s staff, resulting in the leak of employee emails and passwords, as well as target carefully disguised scams at the public, in a bid to gain from confusion and misinformation. Last month, the BBC reported that Russian hacker group Evil Corp had launched ransomware attacks against at least 31 American organizations, by targeting employees working from home. Opportunity is clearly rife. But why?
A new attack surface
Enabling all employees to work from home has significantly increased the surface of attack for companies. It’s especially true for employees who did not have jobs that require traveling, necessitating enhanced virtual security protocols, and where their cybersecurity was therefore maintained by corporate networks in offices. It is also true also for all those who are now spending far more time on working on non-trusted home networks, which are not protected by corporate cybersecurity solutions. The reality is, our home networks – which include our home broadband and any personal devices we may need to use for work purposes – do not include the same, robust enterprise-grade cybersecurity we’ve come to expect in the office. But this doesn’t mean that there aren’t measures we can take in the home to ensure that we’re mitigating any heightened risk for cyberattack.
From corporate to couch – extending protection
Any company that is allowing and enabling employees to work from home during this new normal should consider ways to extend corporate network safety to employees’ homes, given the increased reliance upon and time spent using them. Providing access to technologies that protect employees’ networks is the extra step that will make a big difference to companies’ cybersecurity, as well as being a positive contribution that is often highly appreciated by employees.
An example would be to provide access to routers and/or technology capable of detecting security threats in real-time on employees’ home networks. The same technology can provide an automated way to immediately respond to threats, isolating devices responsible for a security breach or known to have a serious vulnerability, in order to prevent other devices on the network from being compromised.
WFH in the longer-term
Despite lockdown restrictions easing across the globe, the stark reality is that many of us will need to – or prefer to – work from home indefinitely. In these instances, there are a range of things companies can do to mitigate risk.
Firstly, companies should implement basic security solutions such as anti-virus and anti-malware, and leverage VPN technology. These need to be enforced by companies on all corporate devices. Secondly, enforce the use of safe methods and protocols, such as dual authentication and HTTPs. Thirdly, educate employees on cybersecurity – an ongoing battle that requires regular training and updates to keep up with the evolving nature of cyberthreats. And finally, at the top of the game, companies can also supply technology to ensure that employees’ home networks are secured.
Getting the basics right
Ultimately, any cybersecurity strategy that’s going to work – whether in the office or in the connected home – is one that gets the basics right. For businesses, this means licensing security technologies alongside enforcement technologies, to ensure it’s always running. In addition, companies need to identify their critical assets and ensure these are adequately backed-up and that there is a remediation plan in place should assets be compromised. This will minimize any damage if access to original files is cut off, or if confidential information becomes public.
Educating staff on what to look out for while working from home, without the CISO or IT department able to pop over and consult at any given time, is a good idea. But being available to help troubleshoot or even answer questions when they arise will go a long way to ensuring that employees can confidently navigate technology, without constantly looking over their digital shoulders.
Steeve Huin, VP Business Development, Marketing & Strategic Partnerships, Irdeto