How can businesses take advantage of these findings? What can companies do to ensure that they are protecting themselves in this new work from home (WFH) environment?
Seshadri: Businesses can leverage these insights to understand what matters to their consumers and act where it makes a difference. They can also leverage these findings to identify potential gaps in their efforts to secure their data and infrastructure and take necessary action.
For instance, the survey found that only 32% people were seriously concerned about a data breach while working remotely, reflecting a false sense of security. This certainly puts the onus on organisations to secure their data and assets from malicious attacks which are so rampant now. There are a few things that companies can do to ensure they are protecting themselves in this new WFH environment:
Reduce dependence on VPNs: Make it easier for employees to be secure when connecting from home, and that means less use of old-style VPNs that don’t scale and aren’t suited for the Covid era. Companies should embrace a zero-trust approach and technology, including always-on encrypted direct access, identity verification tools, and a software-defined perimeter to limit the damage from malware getting in.
Empower employees to manage the risks of a WFH environment: Employees are a critical link in the security net of any company and it is important that we empower them with the right knowledge and skill sets to combat the threats of a WFH world.
Leverage technologies like biometrics to enhance security: It is time to explore technologies such as biometrics to extend safety precautions in the age of work from home. Firms can equip their employees with additional security controls such as multi-factor authentication, or even biometric logins such as facial recognition or fingerprint scans, which are not as easy to breach as some of the more traditional approaches.
Leverage emerging technologies and approaches to fortify the security ecosystem: Companies should look at how they can embed technologies like artificial intelligence and machine learning into their security ecosystem to improve their cyber posture. They should also embrace approaches like microsegmentation to strengthen their security posture.
Prepare for an attack: Cyberattacks are considered a matter of ‘when’ and not ‘if’, given the level of sophistication of cyber threats. Reducing the attack surface via approaches like microsegmentation could go a long way in protecting corporate data and systems. Organisations should also look beyond ‘winning’ with security and focus on resilience and trust as this could be the difference between whether an organisation recovers or not after a cyberattack.
How can individuals protect themselves from identity theft?
Seshadri: The survey revealed that identity theft is the topmost security concern in India with 83% people being concerned about it. For the past four years, identity theft has remained the top concern among consumers globally as well. One reason for this is the high threat recognition and clear potential impact that identity theft has among consumers. Identity theft is often associated with financial crimes, illegal immigration, terrorism, espionage and blackmail, making people seriously concerned about the issue.
Individuals need to stay cautious and work harder to stay safe in this new environment, whether working from home or just sharing and interacting more online. Here are a few tips that will help:
* Be aware of the IT security policies and procedures of their organisation. In case they are using personal hardware or downloading software for work, it is recommended that they seek approval from their IT department
* Update passwords on hardware such as cable boxes and internet modems regularly and not share any passwords with anyone
* Install all applicable software patches and updates to keep their personal and official devices secure. This has to be done on an ongoing basis
* Trust their intuition and ignore suspicious calls or emails that ask for personal information
* Verify all hyperlinks by examining the domain in the URL and using online search engines to verify links independently
* Secure their hardware by updating to the latest firmware and checking the brand and model for security risks
* Protect their video calls by using new links and making sure meetings are password protected
What should for individuals, businesses, and governments do to increase security?
Seshadri: The results of the index prompt us to suggest actions that individuals, businesses, and governments should take to increase security:
Individuals: They need to be more aware of the security threats in a remote working environment and never drop their guard. They must follow IT security guidelines to secure their personal data and organisational data that they deal with as part of their work.
Enterprises and governments: They need to take actions to increase security and address the security concerns cited by consumers. This could include:
* Adopting a zero-trust security model in their organisations that assumes all network traffic is a potential threat
* Not neglecting security basics like standard password protection and employee education
* Approaching security with clients, customers, and constituents in mind
* Collaborating with business partners to address common challenges
Governments also have a role to play in creating and implementing regulatory frameworks that address the concerns raised and ensure greater security for individuals and businesses.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.