All trends used to point towards the importance of going digital, with companies trying to modernize their infrastructure and keep up with the demand for their online presence. Nevertheless, the rushed need for a digital workplace strategy in 2020 makes it a top priority for the management of all-size organizations.
As the shift to an online workplace continues to accelerate worldwide, cybersecurity challenges are affecting virtually all organizations. This article discusses both main cyber disruption challenges and approaches to proactively address them.
Shifts in user behaviour
The unexpected circumstances of 2020 could permanently change work behaviour, as companies forced by the pandemic to rely on WFH find that their employees do not want to return to the office once the closures are lifted and are becoming more home centered.
This affects the workload in two different ways:
- Remote access and protection of sensitive data are paramount due to WFH and constant use of data from different locations and devices.
- Collaboration on time-sensitive tasks must be ensured through company-wide communication via functional, secure platforms.
The need for modernization is a top priority for companies with high volumes of manual, time-consuming work. Some organizations are in a rush to go digital, so they choose to implement tools that only solve remote communication and basic processes. This can result in disruption, especially when security is not top-of-mind.
Management must not only ensure that the company's IT infrastructure can handle large numbers of remote workers but also verify that their organization has established security policies for working in remote locations - including the use of personal devices for business activities - and for remote access to the company's information systems.
As with events such as holidays, major events or natural disasters, the cyberattacks peril increases. Especially during the pandemic, we could see spam and phishing attacks on the rise.
The top 3 cyber-attacks challenges for companies and how to address them
1. Data theft
To be productive when working from home, employees must have access to the sensitive information stored in the company's cloud. However, once the content is downloaded and leaves the designated area, control over the data is lost. This means that the content is no longer protected by a firewall and can be shared or edited without the company's consent.
Even in the cloud, sensitive company data can be exposed to risks. There is also an increase in data breaches as hackers increase their technologies and strategies to break through security layers and steal sensitive information. Losing or leaking data is a great problem for companies as they are targeted for information theft, embarrassment or even espionage.
Phishing e-mails can look completely convincing, often with error-free wording and genuine logos, as the attacker tries to seem a trustworthy contact person to get access to sensitive information.
It is worth considering how to invest in additional protective measures to safeguard the identity of key contact persons and logins in operational and financial departments. More than that, it is recommended for the employees to be trained on such matters and taught how to identify suspicious emailing activities when working from home.
3. Cybersecurity Legislation
Cybersecurity legislation changes the way online security is understood and reflects new social norms in the world of remote working. However, too many companies are not taking note of these changes and may not be aware that they are violating cybersecurity regulations.
In the European Union, the General Data Protection Regulation makes sure you handle client and partner data correctly. If your company fails to adhere, you are threatened with fines of up to 20 million euros.
To-do-list for addressing WFH cybersecurity issues
A successful defence of corporate and private networks depends on good policies, culture, and individual compliance, and on ensuring that these policies are enforced over time.
Here are 10 things you can do to address the issues while your employees are working from home:
- Change passwords regularly - it may seem like a no brainer, but setting a default time for changing employee mail and access passwords not only helps your security but also gives you an overview of platforms, tools and accounts that are no longer in use;
- Look into two-factor authentication methods for sensitive applications and tools - this can give an overview of logins and encourage employees to be more careful with their credentials;
- Review your data governance policies and programs - ensuring that owners are identified, and all policy issues related to the content are addressed;
- Delegate security officers’ company-wide - for managers and teams working with highly sensitive data, a delegated security and compliance officer can provide the support and assistance needed;
- Update your compliance policy - create a compliance program that doesn't require an on-site visit by relying on third-party audits, continuous reporting on activities and controls;
- Organize internal training and workshops for employees to help them handle data more responsibly;
- Integrate encryption and scanning solutions into your data and applications – to create a robust and holistically secure infrastructure;
- Use sensitivity labels - marking documents and data as sensitive ensures that the same confidentiality is maintained across departments when multiple teams contribute;
- Evaluate the need for site or plant-based controls - Ensure that applications no longer need to run on a specific device or reside in a specific location or network to provide protection;
- Implement a cloud security gateway and/or environment - Create a cloud-based environment through which all network traffic is routed to apply for the appropriate security protection;
- Deploy cyber threat intelligence – it provides insights into cyber threats and promotes a faster more targeted response.
New technologies are constantly improving the way we work, but in these changing times we face, working from home can bring serious security challenges that companies need to address.
By implementing this to-do-list for addressing WFH cybersecurity issues, your company can overcome challenges such as data theft, phishing, and lack of compliance with security legislation.
Your WFH strategy should not only focus on managing rapid digitization as an IT initiative but should also focus on training the workforce to keep credentials and sensitive data safe.
Effective organizations should also be aware of other types of disruption that can occur when everyone is online. We have covered more on this topic in one of our other articles about preventing disruption at your digital workplace.