Despite the current global pandemic, a number of instances across the globe have proven that cyber attackers are taking no time off, and are instead taking full advantage of our new, chaotic world.
The Czech Republic saw a cyberattack that halted urgent surgeries, while also re-routing patients in a busy hospital fighting COVID-19. A food delivery company in Germany suffered a distributed denial of service (DDOS) attack. Meanwhile, in the United States, phishing attacks ran rampant after the passing of a government relief bill.
With employers and organisations distracted by their response to the virus, and the shift to remote work, cyber security teams must remain vigilant, providing a consistent approach to protect their company data.
Polling 2,001 adults within the US from the 4th-7th of June, an IBM Security survey found that 93% of people did not worry about data security when they went to work from home.
Furthermore, 45% of respondents reported that they received no training on the transition from work to home, even though as significant 83% confirmed working from home was not their typical practice prior to COVID-19.
Although employers are rightly focused on employee health and the strength of the business at this time, it is also important to remember your security protocols, and update them to match a rapidly changing situation.
“Attackers seek to exploit human nature and non-standard operating models,” says Richard Addiscott, Senior Director Analyst at Gartner.
“Take pre-emptive steps to ensure the resiliency and security of your organisation’s operations,” suggests Gartner.
How are employers doing so far?
The survey completed by IBM found that many employers failed to set up suitable security preparation when sending their staff to work from home during the COVID-19 pandemic.
With working from home becoming the norm during the pandemic, new cybersecurity challenges arose for various firms and workplaces, due to staff often having to use personal computers and home networks, as well as mobile phones, to conduct their work.
Most people had faith that their organisation or workplace could keep their personal identifiable information secure during remote work. However, the polling also showed that those who lacked experience working from home prior to lockdown conditions posed a major security risk – which most companies did not attempt to solve.
Fifty-three percent of people said they were using personal devices for work, and 90% were found to be conducting business over their home networks, rather than ones set up for specific work use. This means that no new security protections were put in place.
Two areas of concern were password protection, and video conferencing.
Password protection problems
A survey published in May titled “Psychology of Passwords: The Online Behaviour That’s Putting You at Risk”, found that 66% of people reuse the same password, or a similar variation, even if they knew it was a bad idea.
Backing this up, the IBM survey found that 35% of people were reusing passwords for business conducted at home during the pandemic. Although this is concerning, 66% confirmed they had not been provided with new password guidelines by their employers.
It is important that security teams at least pass on basic tips at this time in order to secure employer data, and hopefully help ensure the safety of the organisation’s data. Updating passwords to something different, and more complex, is an excellent place to start.
Video conferencing? Be careful!
Video conferencing has become increasingly popular since the working from home trend increased. Respondents were asked how many of their meetings took place via video, with 55% saying they conducted somewhere between one to five business meetings via video per week. A further 20% they could often conduct six to 10 within a week.
Despite this, organisations were mostly reported to not prepare their staff for new risks associated with working from home. The study found that 55% of workers polled reported their employer did not advise on any new security policies around the use of video-conferencing, which presents many threats to cyber safety.
There has never been a better time to update your video conferencing software, and ensure it is not only high-functioning, but completely safe for all the staff who will be using it.
How do we adjust?
It’s an important question, especially for cyber security teams, who must now assess risks and responses from a completely different working environment. Incident response plans might become completely outdated, or might just need an update, but it’s important to address them.
You can begin by reviewing your team. Ensure that all roles are filled, and that each individual has access to the necessary equipment. Following this, it’s time to go over all of your documentation.
And, if your company doesn’t have a cyber security incident response capability, it’s time to organise one. Consider using a managed security service instead of building one yourself – this will be much quicker and cost effective.
While 47% of respondents said they were aware of concerns regarding cyber security, the survey completed by IBM Security seemed to show a lack of proactive action regarding cyber security solutions. It’s time to address this.
Reminding your employees
With the aforementioned 45% of respondents saying that they received no training on the transition from work to home, now is the best time to remind your staff to be on the lookout for socially engineered attacks.
It’s not an easy time for anyone. Worrying about the health of friends and family will have many employees distracted, meaning they might forget to look out for an obvious cyberattack, such as a phishing scam.
Phishing scams are responsible for more than 90% of malware infections, and 72% of data breaches in organisations. By sending out a semi-regular reminder of what a phishing email might look like, you can ensure greater vigilance among your staff and protection for the company.
It’s also worth setting up a series of documents containing the details of remote and mobile working policies, and training materials that address security awareness for your staff. Also, remind them who to contact in the face of a cyber–attack.
CommuniCloud Cyber Security Solutions
If all of this is sounding a little overwhelming, don’t worry. Here at CommuniCloud, we are experts in cyber security solutions and partner with industry leading vendors such as Cisco, Jazz Networks, Agari, InfoTrust and Splunk. Together, we can create a Cyber Security Ecosystem of both technology and professional services, tailored around your business needs.
If you have questions on how to create a safe remote working environment for your firm or business, contact CommuniCloud.
We offer a broad range of safe solutions that help your business, safeguarding your future and minimising risk.