As part of Cyber Security Awareness Month, Field Effect is publishing a series of blogs throughout October to help you stay informed and aware of the threats facing small and mid-size businesses and what you can do to defend against them.
Since the start of the pandemic, businesses have been playing catch-up with their cyber security. The unexpected rush to enable remote work meant putting the right infrastructure in place first, then addressing vulnerabilities and other issues second.
Well, the verdict is in: remote work is here to stay.
Companies are going digital by default and employees have adjusted quickly, with 45% of respondents in a recent study indicating they’d prefer to work remotely three or more days a week. Other data shows that 67% of businesses plan to oblige this request by solidifying work-from-home policies after COVID-19.
If your organization plans to continue remote work, now is the time to make permanent changes to your policies, equipment, and processes. Business owners should turn their attention toward long-term remote work plans.
Your teams need access to the same services, apps, and information, regardless of where they work. But your risks change as soon as employees leave the office. So, the question is: how do you maintain your cyber security when employees work remotely? It all starts with knowing the new and existing threats to your business.
New remote work risks to your business
About 30% of organizations have seen a spike in the number of cyber attack attempts since the start of the pandemic.
Several factors contribute to this spike, including a rapidly changing threat surface, cyber security that hasn’t kept up, and a distracted workforce.
A changing threat surface
Your threat surface is the set of all points in your network that an attacker can reach. If this surface changes, but your cyber security approach doesn’t, there will be many gaps for attackers to take advantage of.
Before COVID and the shift to remote work, IT teams already struggled to enforce cyber defence policies. Now that employees have moved from the office into their homes, IT teams have significantly less oversight and control. As a result, 54% of IT workers are feeling concerned about the harm from future cyber attacks.
In addition to the lack of control, home offices and public spaces bring a whole host of new risks. Between unsecured personal devices in employees’ homes and the security concerns that come with a shared workspace, new remote work threats are challenging IT teams.
A distracted workforce
60% of UK businesses reported experiencing a cyber attack caused by human error. And this statistic predates the grand work-from-home experiment, when most employees still worked in a controlled, secure office.
Employees are busy adapting to a new workplace and pandemic stress, meaning they may be distracted and more likely to open a malicious email. This makes them an easy target for attackers, and it’s part of the reason why COVID-related phishing emails exploded earlier this year.
A distracted employee may also be more likely to leave their work device unattended. And, if they’re working from a public space, this paves the way for a malicious actor to access sensitive data.
Five ways to secure remote workers long-term
- Review your current security posture
At the start of the pandemic, businesses rushed to enable remote work and keep operations running smoothly. Mistakes happen when you’re working under pressure, so now is the right time to take a close look at the changes you made.
Gartner calls this a “needs assessment,” and the goal is to identify gaps between the current and desired state of security controls. Look at the new services, applications, and equipment your employees have started using, then determine:
- Do employees know their role in protecting company data?
- Are employee access levels correct? Should they be adjusted to improve security?
- Are the new defence measures limiting or enabling employee productivity?
- Do employees have all the tools and equipment they need to conduct business securely? If not, are they using unsecured personal devices to supplement?
- Use the right security tools
With home networks and flexible shared workspaces in the mix, you may need new security measures that you didn’t have before. You may also need to upgrade your existing security tools if they’re not comprehensive enough to protect remote workers and any new cloud services — including videoconferencing apps — you’ve adopted.
Consider investing in virtual private networks (VPNs), password managers, multi-factor authentication (MFA), and an advanced threat monitoring solution to establish a secure working environment for your employees. The right threat monitoring platform will not only enable you to detect new threats and vulnerabilities but also provide clear guidance to help you resolve them.
- Educate your remote workers
A big chunk of cyber security now rests on your staff’s shoulders, and they need to be ready to protect their data, devices, and the business.
Human error continues to be a leading cause of data breaches, and there’s concern that remote work will increase this risk. Help employees make the right security-related choices with regular training sessions.
If you already have a training regimen, you’ll want to update it with a focus on remote work. Discuss new and emerging threats pertinent to a distributed workforce. Share cyber security best practices that apply more when you work remotely, such as being vigilant when opening emails and conducting business using corporate-owned (or otherwise secured) devices.
- Update your remote work-related policies
Even with top-notch security tools and a highly educated team following best practices, attackers can still find their way in. For this reason, update your remote work and cyber security policies to reflect new risks and what to do in case of a suspected attack.
As an employer, it is your responsibility to provide your employees with clear guidance about remote work rules, emerging threats, and cyber security best practices. When they inevitably turn to these documents for information, you want to be sure they are accurate and up to date.
- Protect individual devices
End-user devices, such as desktops, laptops, smartphones, and tablets, are the entry points to your organization’s network. Sometimes referred to as endpoints, these devices quite literally represent an endpoint on the network.
These devices allow employees to access, share, download, and store valuable data remotely but, without security controls, they can create potential entry points for attackers. As the number of endpoints increases with remote work, businesses need to make endpoint security a vital part of their defence strategy.
Keep devices secure by using complex passwords and multi-factor authentication. Set up phones, tablets, and computers to password-lock on their own after a few idle minutes. Configure devices to scan for and run software updates regularly.
To further your defence, invest in a cyber security solution that can detect potentially harmful activity and prevent attacks on endpoint devices. The right tool will not only help you avoid costly data loss and data recovery but also provide you with a defence to secure remote workers.
- Bonus tip: Master the fundamentals
No matter the size of your business or your industry, strong cyber security begins with the basics. The best part is you don’t need to be a cyber security wizard to master the fundamentals and start securing your business.