Cade Wells, CENSIS Business Development Manager, explores how changing work patterns are highlighting a greater need for cyber security
Around this time last year, the beginning of the Covid-19 pandemic caused a massive shift in working habits almost overnight. Few of us could ever have anticipated that 12 months later we would still be logging in to Zoom meetings from our kitchen tables and spare rooms. In fact, many companies have realised the benefits of a more remote workforce, implementing policies for long-term flexible working.
The Office for National Statistics (ONS) estimates that around 36% of people in the UK are working from home, which is causing a significant headache for IT teams – far beyond the initial challenge of making sure everyone has access to the equipment and software they need. Unfortunately, the risk of a cyber-attack becomes much more difficult to mitigate when your employees and colleagues are no longer working under one roof.
Phishing and ransomware attacks were reported to have increased by as much as 600% at the beginning of the pandemic with users more exposed than ever to potential threats. Employers are, therefore, understandably placing greater reliance on their staff to remain vigilant and report risks in the same way they would have done in the office. Good practice and policies that were in place in the office should continue at home, such as robust password protection and multi-factor authentication for access to cloud-based apps. However there are a range of additional actions to consider. Employees should check with their internet service provider about software updates to their home routers – often this is the first and last line of defence on a home network. Employees should also be using a secure VPN tunnel to log on to the company network.
Companies should also review file storage system and access rights, and look to implement additional layers of protection on any confidential or sensitive files, if required. Consider which departments and teams need access to financial data or company contact databases, for instance, and restrict access to these files appropriately.
Video conferencing quickly became ingrained in our new home-working lives, but that has also opened the door to a variety of new cyber security risks. Some privacy issues were highlighted early in the pandemic, such as videobombing and issues with end-to-end encryption but these have, for the most part, been addressed and rectified. However, it is important that employees use the app recommended by the IT department – although it might not have the best user experience, the team will have made an assessment based on its security credentials.
On average UK homes have 10 Internet-connected devices, many of these use the home WiFi network to connect to the Internet. You may not immediately think that a smart doorbell, television or virtual assistant would be linked to company data, but just one insecure device on a home network could expose them all to a security threat. Employees should be encouraged to keep their home devices’ software updated to protect their home network. It should be noted that that an employee’s home network and devices could be at risk by insecurities in a connected company network. Therefore, there is also an onus on the company to protect its employees through careful management of its own devices and networks.
Company security systems and policies can only ever go so far. A company’s greatest asset is its people, and that applies to cyber security too. Encourage your employees to use their intuition to spot potential threats coming in via email or texts, unusual behaviour of their IoT products and host regular training sessions to help them identify the most common types of attack. Promote a culture of honesty where employees can speak openly, without embarrassment, about any mistakes they have made in order to reduce the risk of it happening again.
While we continue to work from home and more flexible working looks to become the norm, the cyber security risk is more prevalent than ever – you cannot simply turn to the person sitting beside you and ask for a second opinion on a suspicious item in your inbox. Working habits have changed for the long-term and our approach to cyber security must, therefore, reflect that.