According to McKinsey & Company, “The pandemic has made it harder for companies to maintain security and business continuity.” This is true for a variety of reasons. For one thing, the increase in work-from-home (WFH) arrangements — and the weaker security inherent in those external connections — provides additional attack vectors for cybercriminals to access companies.
Employees aren’t just vulnerable from a technological perspective, either. Fear, anxiety, and stress put them in a position where they are more likely to fall for online scams and phishing schemes. This limitation is especially problematic if workers don’t have proper cybersecurity training in the first place, such as understanding what red flags to look for in incoming emails and other communications.
To make matters worse, access to IT teams may be limited as they attempt to keep up with their regular duties as well as address pandemic-related issues and help WFH employees create safe, secure technology setups in their homes. One remedy for this challenge may be to use IT outsourcing services like those offered by BairesDev. But that isn’t the only solution. Here we explore some of the most pressing cybersecurity issues today and review a few suggestions to improve your corporate security.
Additional Attack Vectors
Pre-pandemic, many companies were able to contain the number of ways cybercriminals could intrude on their network within a technological “fortress” on their premises, or with a combination of on-premise security and strict “bring your own device” (BYOD) rules. Now, that protection must extend not only to a limited number of employee devices but to additional devices well outside company walls.
Workers may be connecting with personal computers and other pieces of equipment that haven’t been approved for use with company systems. They may also be using insecure residential internet connections or, even worse, public Wi-Fi to connect with company networks. Each new element presents a new inroad, or attack vector, for cybercriminals to use to execute their malicious plans.
The following video explores many of the issues faced by companies offering WFH arrangements:
The pandemic has forced many people to rely more heavily on online services for both work and personal use. The World Economic Forum states, “The Internet has almost instantly become the channel for effective human interaction and the primary way we work, contact and support one another.”
That means an attack on a company’s network could bring some or all productivity to a halt, while an attack on a widely used platform or on internet infrastructure could cause serious problems for people trying to do anything from order groceries to participate in a video conference. For industries that deliver basic services, such as healthcare, those breaches could prove devastating or even deadly.
The attacks could also disrupt the ability of governments and organizations to disseminate critical information like disaster updates and evacuation orders.
In times of crisis, it’s normal for people to feel off-balance and rely less on reason and more on emotion when making decisions. The pandemic is a crisis for just about everyone, given that so many people are experiencing illness, the illness of a loved one, the stress of losing a job, financial concerns, the need to educate children while working full-time, or simply fear of what might happen next.
Therefore, cooler heads may not always prevail when workers are confronted with scams. For example, a harried dad working from home while supervising his child’s online learning may accidentally click a link in an email message from an unknown sender, causing malignant software to be loaded onto his company-network-connected computer, thus compromising the entire company.
Cybercriminals understand such vulnerabilities and are only too willing to take advantage of them and promote topics (such as phony coronavirus cures or get rich quick schemes) they know people are more willing to pursue in these troubling times.
Those who work from home may be additionally vulnerable to such attempts if they haven’t received proper training in online security.
Less IT Support
IT teams may be stretched very thin as they try to mitigate these challenges. The list in the next section includes just some of the things these professionals may be dealing with at work. Meanwhile, they may be working at home themselves and facing some of the same personal issues as their peers in other departments.
That means non-IT WFH employees might try to serve as their own IT staff. The results could be positive or negative, depending on the skill set of each worker. Worst-case scenarios include performing faulty hardware or software installations and failing to follow basic cybersecurity hygiene (see #1 below), either of which could lead to cyber intrusions that could go unnoticed or unaddressed due to lack of knowledge.
Take Extra Precautions
Fortunately, there are many steps you can take to lessen the impact of these issues. Here are a few ideas to get you started:
- Train WFH employees on the importance of cybersecurity, what can happen when it’s breached, and what they can do to support it. Measures include:
- Using strong passwords, especially on home routers
- Keeping security software and other applications up to date
- Not clicking links in emails from unknown senders
- Checking with the company’s IT department before accepting “help” from anyone claiming to be from that team
- Within the company network, update patches more frequently, especially for critical systems, such as virtual private networks (VPNs) and cloud interfaces.
- Be more vigilant about verifying employee identity. Use multi-factor authentication (MFA) to ensure added protection.
- Devote as much IT attention as possible to getting WFH workers set up securely with up-to-date equipment and approved applications.
- If your company provides an online platform, especially one that delivers basic services, shore up the network to address security concerns and accommodate higher than usual volumes.
- Provide resources for employees to access when they become overwhelmed or need mental health care.
- Revisit emergency response protocols to ensure you have robust planning in place for worst-case scenarios.