Remote working varies considerably from one company to the next. However, there are also many similarities, and one thing every company faces, no matter its size, is the threat of cybercrime.
Malicious actors took advantage of remote workers during the pandemic. With businesses unprepared to deploy a distributed workforce, employees accessing business networks from home networks were an easy target.
In the first few months of the global pandemic, Interpol reported a 569% growth in cyberattacks. The trend has not ceased. Over the last two years, a growing number of high-profile data breaches have dominated cybersecurity headlines.
It’s difficult to say whether the increase in data breaches is due to more vulnerable gateways provided by a remote workforce. Nobody has released that data, but you must admit, there is circumstantial evidence.
Despite the increase in data breaches, working from home is predicted to persist. Gartner estimates that 31% of all employees globally will work from remote locations.
A survey performed by GoodHire found that 74% of employees didn’t have the right equipment to work from home. Yet 68% of respondents said they want to continue working from home 3 out of 5 days a week.
The benefits of remote working outweigh the negative aspects – unless businesses don’t get their cybersecurity defenses right. Cybersecurity cannot be treated as an afterthought.
There are no cookie-cutter cybersecurity strategies that will work for everyone. A structured strategy geared around your needs and budget is the way forward.
1. Cybersecurity Awareness Training
Researchers at Stanford found that human error is at the root of a whopping 88% of successful cyber attacks. Moreover, 33% of data breaches occurred through phishing attacks – malicious code embedded in emails.
As more leaked data reaches cybercriminals, malicious actors have more information with which to mount spearphishing attacks. These attacks target specific users within a corporation who hold the key to the most sensitive data: account personnel, C-suite executives, IT managers.
Emails used in spearphishing attacks can appear particularly convincing. For example, a campaign may appear to be from a reputable company the targeted person has ties with. This is where the danger lies.
If your staff are not aware of how cybercriminals mount various attacks, they could easily click on a malicious link or open a document embedded with spyware or ransomware.
Cybersecurity awareness training is important for any company. For businesses that deploy a distributed workforce, it’s critical. And if you’re allowing employees to access your business network on personal devices, you need other cybersecurity rules in place as well.
2. Install a Virtual Desktop
London-based IT Support professionals Micro Pro claim virtual desktops are the answer to remote working and the issues firms face with unpredictable Bring-Your-Own-Device policies.
The beauty of a virtual environment is employees can perform their job from anywhere without putting your business network at risk. Even if a hacker took control of a personal computer, they would still need password access to your real-world network.
Virtual desktops give enterprises unrivalled flexibility without having to manage a complex mesh of software installations. For example, Microsoft’s Windows 365 Cloud PC, which they launched shortly after the pandemic, enables IT managers to create a personalized environment that imitates the real-world environment.
Virtual desktops operate in the cloud, on platforms that all have several advanced security applications built in. Data is stored in a centralized system, which protects it more efficiently than if it were stored on personal devices.
3. Take Advantage of Patch Management Services
A common strategy hackers use to breach a business network is to look for vulnerabilities in software. Whenever software is released by a company there are always vulnerabilities that could serve as gateways for hackers.
To eliminate the risk of software vulnerabilities being exploited, software companies release security updates known as “patches”. Anyone with a smartphone or computer will be familiar with operating system updates and the disruption they cause.
Imagine, then, an employee who is working on a platform with multiple applications and plugins. First of all, updating multiple programs is inconvenient and annoying, and it disrupts workflow, which impacts productivity.
Secondly, can you rely on all your employees to perform software updates? You will need to! Once a security patch has been distributed by a software company, the onus is on businesses to ensure the update is executed.
If a patch is not applied, you will be in breach of data protection and privacy regulations. Patch management services with automated software ensure updates are performed without distracting your employees.
4. Install Multi-Factor Authentication
Multi-factor authentication (MFA) may be met with grumbles, but it’s a critical layer of protection that provides a second line of defense. Whilst two-factor authentication requires employees to perform an extra step to access business applications, it’s a step worth taking.
Most MFA systems send a code to a registered mobile phone. Others give you the option to send the code to an email address. You then enter the code into the system before you are granted access.
In addition to two-factor authentication, the National Institute of Standards and Technology (NIST) recommends updating passwords on a regular basis; once a month, for example.
Password strength also plays a key role in a cybersecurity defense strategy. Hackers use random-generation software to try to crack passwords. Therefore, passwords produced by the password generation function offered by software companies are likely to be beatable.
The strongest passwords are memorable phrases or information that only you know. The words should then be written as a passphrase that uses both upper and lower case letters, symbols and numbers.
Companies that suffer a data breach may never recover. It is estimated that 60% of hacked companies go out of business within six months. That’s not necessarily due to a loss of finances during an attack. Businesses collapse because of the loss of customers.
In accordance with GDPR, businesses are obligated to inform anyone affected by the attack about the breach. And that generally results in a loss of customer confidence.