The start of the decade has been dominated by the disruption caused by COVID-19. The pandemic has impacted our everyday lives, from work to socialising, going on holidays and shopping. In line with the government’s guidelines to practise social distancing, we’ve seen a sharp increase in the number of remote workers worldwide.
This has unveiled a range of issues that some SMEs may not have considered in the past. For example, how to maintain staff well-being while working remotely? Do staff have the relevant IT equipment and if so, do they know how to be cybersafe? If you consider that, when working from home, each employee presents a new vector for attack against their company’s network, it is crucial that businesses get this right.
In a traditional office environment, employees work within the security parameters that the organisation provides. At home, employees don’t have this luxury. Using a shared network environment can open the door to several potentially unprotected connections, significantly increasing the chance of a breach. Home Wi-Fi networks are notoriously insecure, often using factory-standard or basic passwords that can be easily hacked.
As businesses try to maintain productivity in these exceptional circumstances, cyber criminals are exploiting these weaknesses. In the shift from the office to working from home, SMEs may find that their cyber security protocol is no longer fit for purpose as they struggle to deal with the influx of remote connections or cope with several dispersed endpoints. In fact, according to Action Fraud, March saw a 400% global increase in cyber-attacks as cyber criminals sought to take advantage of this challenging time. The need for increased awareness and implementation of cyber security has therefore never been more pertinent.
A layered approach is the best approach
Using a Virtual Private Network (VPN) is a simple yet highly efficient solution to keep cyber-attacks at bay. It is engineered to hide the user’s IP (Internet Protocol) address and to create a safe, encrypted connection over a less secure network. This first layer of defence prevents hackers from accessing private data, such as passwords, although a VPN alone is not enough to protect networks. Combining it with Endpoint Detection and Response (EDR) software builds up the layers of protection. EDR works by installing an agent which continually monitors the network events on an end-user’s device. If a threat is identified, it is quarantined and analysed, either to investigate and identify a past incident or to use the data to look for similar threats.
Re-educating the workforce
Incorporating the correct cyber security protocols provides SMEs with some level of reassurance and protection against an attack, although this is only one side of the battle. Before the COVID-19 crisis, over half of cyber-attacks in the UK involved phishing. In fact, last year almost 80% of businesses were subjected to phishing attacks and this is only set to rise when you add remote working into the mix.
Phishing attacks are usually delivered by email. Relying on ignorance and misinformation, they are deviously designed to appear to come from a trusted source, for example a bank or a colleague, with the aim of duping the intended victim into revealing log-in credentials, credit card details or other sensitive information, either to defraud them or to deposit malicious software onto endpoints. These are simple to construct, allowing potential fraudsters to cast a wide net, attacking thousands at the click of a button. Although this has become particularly prevalent following lockdown, the good news is that re-training staff on cyber best practice can significantly reduce the risk to businesses.
It is concerning, then, that a recent Make UK survey found that one in three businesses do not provide formal cyber security training for their employees. This is compounded by almost 50% of the same organisations lacking a means to track the performance of their cyber security infrastructure. These statistics reveal a common issue within the wider business world: cyber security is simply not regarded as a Board-level responsibility.
From the top down
Modern businesses are reliant on digital infrastructure for an array of tasks. This includes financial transactions, online communications, general operations and many more. As a result, it’s vital that cyber security is prioritised and owned by the Board of Directors. Should a business operation be disrupted by a cyber-attack, it is the senior management and the Board that would be held to account. Therefore, it’s crucial that cyber security is part of everyday operations, with regular check-ups and reports. The importance of this is such that the UK’s National Cyber Security Centre offers advice through its Board Toolkit, encouraging the Board and technical experts to come together and discuss cyber security.
Beyond this, regular training can ensure that employees are suitably informed and aware of cyber risks, empowering them to provide the first line of defence against attackers. This can reduce the rate of successful attacks by over 60%. This layered approach of internal training and cyber security solutions can help ensure that a company’s cyber security approach is fully capable of addressing and resolving cyber threats.
The move to home working has raised concerns about our digital health. Cyber criminals are taking advantage of these uncertain times to exploit network vulnerabilities caused by inadequate remote working security procedures. During this time of heightened risk, businesses of all sizes need to take the steps outlined in this article to ensure they have a cyber security system which is both robust and comprehensive. By doing this, they can safeguard against one of the greatest threats during the lockdown period.