Hybrid and remote work arrangements are here to stay. Reduce cyberattack risks to your business by developing the right cybersecurity countermeasures.
It is now clear that work-from-home and hybrid arrangements are no longer passing trends; they will become the optimal work model for many people. Though this has afforded businesses some increase in flexibility and freedom, remote work has also exposed them to many new risks as well.
As more employees opted to bring their work home, account takeover attempts and phishing e-mails proliferated in response. In April 2020, for example, Google blocked 18 million daily malware and phishing emails related to Coronavirus.
Yet in today’s hyper-connected working world, strong 5G connections, ubiquitous WiFi and invisible Internet of Things networks have become critical in conserving energy, reducing operational expenditures, and streamlining inefficient processes. These emerging technologies drive a multi-cloud strategy that seeks to unite the human resources, technology stacks, and information spread out across multiple countries.
Hybrid and remote arrangements are here to stay. To ensure that your employees aren’t putting your business at risk, you’ll need to understand just how large the threat looms, and develop the right countermeasures in response.
Humans tend to be the weakest link in an organisation’s cybersecurity. Few people receive regular and relevant cybersecurity training, and as a result, poor security practices abound. Some examples:
Remote work, for all its benefits to productivity and flexibility, multiplies the existing risk to the organisation. Home networks provide a much greater attack surface for hackers, given home-based users’ unsecured wireless networks, general lack of endpoint security, and more relaxed attitude towards cybersecurity measures.
Research revealed that Asia-Pacific exhibited a 168% year on year increase in the number of cyberattacks between May 2020 and May 2021. By June 2021, over 80% of public- and private-sector organisations in Singapore had become convinced that the rise in cyberattacks was a direct result of working from home.
Even something as simple as accessing your work email over an unsecured WiFi connection can result in millions of dollars in ransom and fines for your company down the line! Fortunately, there are a number of steps organisations can take to mitigate these risks.
Increased uptake of digital accounts over the past year has actually weakened password hygiene among Singaporeans: some 45% of respondents admitted to reusing login credentials, a practice that increases their vulnerability to hackers.
Given this situation, strong password control must be built into the organisation’s standard operating procedures (SOPs) rather than left to choice. If left to their own devices, users tend towards weak and predictable passwords like “12345678” or “password”. Organisations could defend their infrastructure with single sign-on, digital passports, and digital signatures.
Home workers should be encouraged to change the default password used by their WiFi routers to something more secure. If they don’t, hackers can track these default passwords down and hijack the network altogether.
A proactive approach to cybersecurity must extend to every aspect of the organisation. Our increasing reliance on SaaS platforms shouldn’t be seen as an opportunity to offload part of our cybersecurity responsibility to others—always vet the cloud platforms, software, and resources that your employees are accessing from home.
It’s said that 80% of all security problems are caused by the inadequate handling of privileged accounts. A privileged access management approach can safeguard employees’ digital identities and the company sensitive resources, data, and documents stored in the cloud. Users should only receive the minimum levels of access required to perform their job functions—and identity data must be securely generated, securely stored, and securely processed.
Proper segmentation and segregation of your company’s infrastructure, whether virtual or physical, is also important. Implement encryption, strong passwords, 2- and multi-factor authentication, and regular application of software patches.
The physical infrastructure of home users shouldn’t be ignored. For instance, older WiFi routers may lack encryption out of the box, opening up users to “man in the middle” attacks that allow unauthorised access by savvy hackers.
Separate user traffic from management traffic with out-of-band (OoB) network management. Validate integrity of hardware and software by using verified products rather than those from the grey market. Illegitimate products may be affordable compared to other platforms, but they can come pre-loaded with malicious software that costs your business more in the long run.
You don’t have to mitigate the risks of work-from-home arrangements all by yourself. Whether you’re just beginning to align your cybersecurity with work-from-home measures or have already begun, experts like T-Systems can help you “connect the dots”.
Industry experts can help you spot often-overlooked vulnerabilities. They can also help you follow through with suggestions offered by third-party security agencies, a step often forgotten after the initial consultation or security review.
Remember: it isn’t enough to be aware of vulnerabilities. Organisations must take the necessary steps needed to fill the gaps.
Many organisations are used to traditional security tools like anti-virus, firewalls, and intrusion detection. This “moat” approach doesn’t always work today, especially since Internet of Things (IoT) technologies, 5G networks, and work-from-home trends have changed how work is done.
Companies will need to get up to speed with new technology and consult an expert like T-Systems to learn how they can protect their internal and external data from motivated cybercriminals. T-System’s rich global experience in cybersecurity and multi-cloud environments is a valuable asset in your digitalisation journey.
Attacks are always morphing. It is time for your organisation to evolve as well.