There is a heightened cybersecurity risk due to the impact of Covid-19 on work practices, says Francis O’Haire of DataSolutions
For the majority of people, the lockdown has completely changed how they work. For many companies, they will not have been prepared for facilitating an entirely remote workforce and will have deployed technologies in a hasty and sub-optimal fashion, with security possibly taking a back seat.
As businesses try to balance the need for accessibility and flexibility with the aim of maintaining productivity and security, the risk of cyberattacks has risen considerably and employees are faced with new challenges associated with their home work environment.
Not only are there more distractions, but some haven’t been equipped with the right tools and processes to enable them to do their jobs remotely.
In order to support employees and uphold business continuity during this difficult time, it is imperative for organisations to adopt an effective and evolving IT strategy that overcomes the obstacles posed by a remote workforce, without jeopardising corporate data and systems.
A heightened risk
There is undoubtedly a heightened cybersecurity risk at the moment, as threat actors seek to take advantage of the current situation which is unfamiliar territory. These people are ramping up phishing attacks and e-mail scams, pretending to be colleagues and capitalising on the fact that people are not communicating as much and may be more distracted than usual. Not to mention that workers could be using personal devices that lack the necessary safeguards.
There are even instances where attackers are using coronavirus domain names that look legitimate in a bid to trick people and gain access to applications. More insidious are instances where they are targeting organisations, including hospitals, with ransomware. With staff under increased pressure, there is a higher risk of someone not closing something down or clicking on something they shouldn’t. This also means that if an attack is successful and systems are down, a company is more likely to pay the ransom.
Companies also need consider that some workers might be out of their depth from a technology perspective – perhaps not working on the company network and lacking the tools they normally have. This can lead to people downloading solutions, including video conferencing and document sharing applications, that are not designed for corporate use. Furthermore, the people implementing them, while possibly tech-savvy, are not thinking about security or best practice. While not malicious, it poses a threat.
A structured approach
Ideally, companies should allow staff to use virtual desktops running in the data centre or in a secure cloud location. This approach enables people to work from home effectively and allows businesses to keep all corporate data and sensitive systems under the control of the business.
Another option which uses the same technology, but requires less infrastructure and time to set up, is to give workers remote access to their PC or laptop in the office from their home.
In circumstances where staff have taken company laptops home with them, it is vital that organisations ensure they are properly managed, backed up, secured, and encrypted. Employers should also encourage people to use office file servers or company provided cloud file sharing services rather than local hard drives to save documents – we all know how easy it is for laptops to die, go missing or get coffee spilled on them.
Furthermore, training should be a priority to ensure the workforce is equipped with both the tools and the knowledge to work safely at home. As well as teaching them how to maintain and update devices, they need to know about the latest risks and be extra vigilant. There is only so much technology can do — a healthy dose of paranoia doesn’t hurt!
Businesses may also want to consider employing monitoring tools to track suspicious behaviour and apply Multi-Factor Authentication (MFA). Despite best efforts, people often use the same passwords for personal and work accounts so if one is stolen, chances are the attacker will have access to another account or system. Having to enter a password and then a code, delivered via mobile phone, is simple but effective and adds another layer of security.
As mentioned, there is every likelihood people are using personal devices to work remotely, including mobile phones. This is an area that needs to be managed with caution as some mobile device management solutions are quite intrusive and restrictive for the user.
However, there are Unified Endpoint Management (UEM) solutions which can create a container for work applications and a separate container for personal applications on a device. This means that corporate data and applications can be accessed and wiped by the company if required, without impinging on the individual’s privacy or personal use of their mobile phone.
A continuous process
Due to the manner in which the current situation arose, many companies will have implemented solutions quickly and made changes that weren’t thoroughly thought out and probably caused some issues. Therefore, businesses now need to take the time to review the steps that were taken and ensure they are providing accessibility, maintaining security, and supporting performance. Whether it involves the in-house IT team or third-party IT specialists, companies should perform an audit on how they are working and ensure it is as secure, efficient and effective as possible.
The number of people working remotely is unlikely to return to where it was pre-pandemic, therefore businesses also need to think long-term and employ the required solutions to prepare for the weeks and months ahead. For example, they may need to consider creating a Secure Digital Workspace which aggregates everything a worker needs in one dashboard and with a secure single sign-on process.
It is crucial to remember that every business is different and will require different technologies to support their people and operations. While the Covid-19 situation poses significant challenges, it also provides a unique opportunity for companies to create a workplace fit for the future.
• Francis O’Haire (pictured) is group technology director at DataSolutions