Pete Braithwaite, COO of KIT Online, offers his expert advice on how companies can protect themselves from a cyber-attack if they offer employees the choice of remote working.
Cybercrime is constantly growing and there are many diverse motives and even more methods of execution. The transition to remote working has increased the vulnerabilities that can be exploited: many largely untrusted home connections using different equipment and different networks to access corporate networks and cloud solutions can make it easier to compromise these systems.
Due to the surge in demand creating a lack of availability in laptops and components over the last year, many firms also hastily approved a ‘Bring Your Own Device’ or BYOD policy. This brings additional complications around managing the security of these devices, making sure they are up to date with the latest patches, which increases the risks of vulnerabilities being found and exploited if not managed properly.
With a shift to hybrid working and remote working now retaining some post-pandemic permanence, how can businesses ensure cyber safety?
Why is there more of a security risk when not working in the office?
Security incidents are a daily occurrence for most companies – it’s only the huge and successful ones that make the news. The sudden scramble to widespread remote working has resulted in many companies having to change IT policies very quickly, with less consideration and planning for such critical changes than would normally be considered prudential.
The shift away from the traditional office has led to the opening of new points of access – and therefore vulnerabilities into corporate systems.
The human element is often the most susceptible. Employees working at home often work with a different attitude to office-based staff and may be more tempted to take shortcuts that would not be available in the office.
How do cybercriminals exploit the move to remote working?
Traditional office environments usually make use of a perimeter security model, but the highly connected nature of cloud environments make it easier to bypass the perimeter defences. As well as weak access/password management and the hijacking of accounts putting your systems and data at risk, vulnerabilities arising from insecure APIs can also be exploited. A data-centric – instead of perimeter – approach is required, encrypting data and implementing MFA (Multi-Factor Authentication) in order to prevent unauthorised access.
Many smaller SMEs have historically not had the knowledge and resource to identify new threats from untrusted home connections and a different attitude to working. Devices now must be configured remotely rather than on-site.
Employees may be tempted more at home than they are in the office to search out unapproved apps and cloud services that appear to help them with their workload, but which may already be compromised.
The post-pandemic cybersecurity lessons to learn from
Robust security protocols are essential – but you have to get the support of your employees. Their trust in your cyber security measures are needed so they become part of the solution to increase the cyber security of your systems and company data. Employees working at home often have a different mindset to those working in the office – if their user experience is impacted or their tasks become difficult to complete, they will look for alternative that might involve shadow IT that can have a much more negative impact on cyber control and security. Good cyber security shouldn’t slow them down.
Traditionally, reliance (or complacency) on the presumed security of an onsite corporate network is dangerous. Understand your virtual estate and use advanced threat analytics to detect, respond, and recover. There is also a growing reliance and user acceptance of Multi-Faction Authentication (MFA) and strong passwords.
Security incidents are daily – software needs to be kept up to date to reduce vulnerabilities and security services and protection should be turned on by default. Often employees fail to understand the full threat of cyber risks and how wide-reaching the impacts can be. Educating them should be an important cornerstone of your digital strategy to gain their trust and support, otherwise users will use shadow IT to get around issues they are having that is detrimentally affecting user experience which leads to even greater problems.
Due diligence by both the IT department and end users is still needed to avoid security failures. IT need to ensure software used in the cloud is only form trusted sources.
Is the cloud safer than traditional on-premise solutions?
The cloud can be leveraged to increase data and cyber protection, rather than expose businesses to more threats. After all, regular software updates are provided by reputable suppliers and this should include the latest security patches being applied as soon as they are available – you’re not at the mercy of your internal IT resource availability to schedule this in.
Using cloud technologies can reduce the amount of documents being sent (often unencrypted) via email as employees can work on the same files together with central file storage and document control.