Now that many more staff are working remotely (often on unprotected personal devices and with unfamiliar collaboration tools), cyber criminals are seeing employees as the weak link in the chain. Already, some are taking advantage of the COVID-19 pandemic to attack large organisations head on.
As a result, phishing attacks are on the rise and the strains on network security are higher than ever. UK businesses need to act fast, but securing home networks in the way you would an office network is near impossible.
Now is the time to really consider securing endpoint devices, whether this be through policies for using personal devices safely or the deployment of antimalware and password management tools to protect them. This new way of working sees every member of staff needing to act as the first line of defence.
With the pandemic affecting every aspect of life, people are anxious to stay informed. In response, fraudsters are increasingly sending phishing emails and spear-phishing attachments that pretend to provide safety tips, information about vaccines or financial support for businesses and consumers.
In fact, according to Kaspersky, one in four employees say they’ve received phishing emails related to COVID-19. Yet almost three quarters say that they haven’t received cybersecurity training on how to work safely at home, and only half are using equipment provided by their employers or a secure VPN connection.
Further to this, organisations desperate to enable colleagues to engage and interact as they would under usual circumstances have rushed to install remote desktop software and collaboration tools, which bring their own threats. ‘Zoombombing’ is a prime example of this. The term describes an unwanted intrusion in a video conference, used to embarrass attendees. With more strategically sensitive meetings now taking place online, there’s a real threat that confidential information can be obtained in this way.
Connectivity and VPN capacity issues are also proving problematic, with many organisations facing long delays in increasing their capacity and priority understandably given to blue light and Critical National Infrastructure organisations. This is leading some to push employees towards unsanctioned systems just to get work done, systems that can often be laced with malware.
While many of these issues are common to all industries, there are some additional sector-specific challenges to be aware of. Retailers, for example, will need to continue to manage a shift towards reduced in-store customer contact, focusing instead on their eCommerce channels. This means having a secure network that can manage increased traffic and offer digital payment options and clearly defined contactless delivery services that meet consumer demands. There are also issues with home workers and their devices being outside normal compliance regimes, for example where orders can’t be taken over the phone due to non-compliance with PCI DSS (Payment Card Industry Data Security Standard).
There’s a similar issue for the finance sector, which will need to focus on how to secure home-based contact centres where remote contact centre agents must manage highly confidential information. For other staff working remotely, keeping control of personally identifiable information (PII) will be extremely important, as this will be a significant target for attackers. In manufacturing and media, meanwhile, physical distancing measures will remain in place for some time, meaning back-office staff will need to be provided with secure tools that enable regular interaction with those working on site.
As with any rapid transformation, these changes will have a significant impact on security, and organisations will need to adjust in response. Staff will be concentrating on new ways of working and are likely to lose sight of their security responsibilities.
An additional risk comes from sharing home resources with family members, making it easy to accidentally leak regulated information. It’s important to put in place appropriate tools and training to keep risk to a minimum. Home workers need to have the support necessary to complete tasks, without adding to their workload.
Getting the fundamentals right will be key in protecting all businesses from hackers during the COVID-19 crisis and beyond, and this starts with the network: providing secure, managed VPNs with one-click access. This should be paired with the agreed delivery of cybersecurity training for users, helping them better identify suspicious emails and malware. Where possible, businesses should also deploy device management systems so that, should employees need to use their own device, tools are in place to keep work and personal data separate.
Cloud-based applications and services can also reduce risk by keeping data off personal devices and ensuring it is only accessed through end-to-end encrypted connections. Businesses may also want to implement a cloud-based single sign-on service to add an extra layer of protection, filtering out obvious attacks like password sprays and spotting compromised accounts.
The challenge of the new network edge has been growing over recent years and is even harder to secure given the current circumstances, which means network security must be at the heart of a business’s IT strategy. The combination of technical tools and employee training is key for operational resiliency.
All these elements require a dependable and secure network, from the data centre to the public cloud to the end user. That means high-capacity connectivity between sites and VPN points-of-presence, as well as private connections to cloud providers and platforms. Networks are now not just key to business operations; they are often critical to their very survival.