As CIOs and CTOs tackle the effects of the pandemic, they have also had to strengthen their lines of defense against cybercriminals trying to take advantage of the situation. Businesses quickly adjusted to working from home in response to lockdown orders, which left computer networks exposed to additional and new stresses, making them vulnerable to cybercriminal infiltration.
This rapid transition to remote working has put a strain on the security and IT infrastructure of many companies, which has created an opportunity for attackers to exploit. In fact, our research has shown that the number of spear phishing email attacks related to COVID-1
With that in mind, here are the C-suite's top security concerns and the steps they need to take to turn the tide against these growing threats.
Networks under pressure
Employees work within the security parameters set by their company. When they work from home, it suddenly becomes more difficult to adhere to these security precautions. Many personal devices are connected to a shared network, creating multiple unprotected endpoints and opening the door to potential security breaches. This massive shift towards remote working has expanded the attack surface of most organizations, making it difficult to monitor and minimize. Recent research has shown that one in two businesses feels that it cannot properly secure its home office environment.
Indeed, since moving from the office to work at home, organizations may find that their cybersecurity logs no longer pile up as they struggle with the deluge of remote connections, multiple distributed endpoints, and contention rates on ISPs. Cybercriminals know that every employee who works from home is a new gateway to their company's network.
To address these increased network challenges, organizations must ensure that applications containing sensitive data are securely accessed and that company-issued devices can be remotely wiped in the event of breach or loss. Establishing continuous monitoring of equipment is also critical. This is where augmenting Identity and Access Management (IAM) tools is crucial, as hackers use stolen credentials to attempt to access important data. For heavily regulated sectors such as financial services, healthcare, and Critical National Infrastructure Services (CNI), this will be an important area to consider in this crisis. Enforcing multi-factor authentication and reviewing single sign-on for critical applications improves security.
While cost considerations are often the biggest obstacle to implementing such new technologies, our research has found that AI reduces the cost of detecting and responding to breaches by an average of 12%.
Secure corporate culture
Many organizations already have a mature work-from-home process from a corporate culture perspective and more secure methods of working remotely. In this case, the main concern is not you, but other companies you deal with that have not made this journey. External parties may use unapproved software as collaboration tools or other home-working tools that introduce security challenges into the corporate environment.
In fact, the rise in virtual conferencing and other collaboration tools is revealing more vulnerabilities that hackers can exploit. Companies that quickly introduce video conferencing for end users can make it easy for an attacker to impersonate employees. Here you need to ensure that employees use audited and authorized video conferencing services whenever possible. If you are unsure, suggest that the meeting be held at your company’s facilities. Also, as always, make sure that applications and operating systems are patched and up to date.
Cyber security for remote work
While employees work from home, attitudes towards security practices can become relaxed, and the C-suite needs to consider how it can influence these behaviors and ensure they do not lead to an increase in breaches. There are a number of steps the board can take to monitor the security activities of their companies. First, they should consider running enterprise-wide security awareness campaigns to educate employees about the cybersecurity challenges they may face while working from home.
This includes informing employees about the potential risks of using unauthorized storage systems or the issues related to personal data confidentiality violations as enshrined in laws such as the GDPR. Staff should also be made aware of email-based fraud and malware programs that are exploiting the pandemic. Examples of this are fake emails that claim to come from authentic sources such as the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), government sources or health insurance companies. Office email should be an important source of information for employees, and training employees about email-based security issues is important.
Because employees work from home, they may not be able to access internal communication channels through secure VPNs, and internal company websites may not be the right way to train employees. To compensate for this, the board could task IT teams with setting up alternative communication channels – crucial to ensuring that all employees are regularly informed about cybersecurity.
COVID-19 has tested cybersecurity defenses like never before. However, the investment and focus that the C-suite brings to the subject now will allow them to emerge even stronger in the future, armed to capitalize on new technological advances and operate in a world where working from home is increasingly becoming a reality. Because ultimately the right cyber approach not only makes financial and serious sense, but can also create value in the eyes of customers, stakeholders and colleagues.
- Richard Starnes, Chief Security Strategist, Capgemini