The coronavirus pandemic has created many challenges for businesses as they adapt to new forms of operations where employees are expected or encouraged to work from home. This digital transformation in the workplace has made cybersecurity a major concern. If COVID-19’s impact on cybersecurity risks is ignored, the reputational, operational, legal and compliance implications could be considerable.
Impact of COVID-19 on Telecommuting
As a result of the restrictions imposed by governments in response to the coronavirus pandemic, many employers have encouraged employees to work from home and virtual conference calls have begun to replace meetings that were traditionally held in person. As a consequence, technology has become increasingly important in both our working and personal lives. However, despite the increased prevalence of technology, many organizations fail to provide secure remote-working environments for their telecommuting employees. Nonetheless, the need for proper cybersecurity to cover the remote workforce is clear. Over 50% of remote workers use a personal device to access work data, and 71% of security leaders lack sufficient visibility into remote employee home networks. Cybercriminals have taken advantage of the opportunity, with approximately 67% of cyberattacks targeting remote employees.
The increase in remote working demands greater focus on cybersecurity to offset the increased exposure to cyber risk. For instance, it has been reported that 1 in 3 employees are likely to fall for a phishing scam. Cybercriminals see the pandemic as an opportunity to exploit these kinds of vulnerabilities. Another example of criminals exploiting cybersecurity weaknesses in remote work arrangements can be seen in the series of cyberattacks on video conferencing services. Between February 2020 and May 2020 more than half a million people were affected by data breaches where the personal data of video conference service users was stolen and sold on the dark web.
A home working environment does not have sophisticated enterprise prevention and detection measures, and home Wi-Fi networks are much easier to exploit. Moreover, remote employees are more exposed to cyberattacks. For example, remote employees may be less likely to run an antivirus or anti-malware scan regularly. Also, employees working from home may be more careless with data processing due to distractions from family members or social visitors. IT systems need to adapt to these changes in working environments to reduce the risks of data breaches and cyberattacks.
How Companies Can Increase Cybersecurity
The growth of the remote workforce has created many challenges for businesses both large and small as they try to implement appropriate levels of cybersecurity to protect their data and effect compliance with applicable data privacy regulations. To enhance overall network security, businesses and their employees should implement essential cyber practices as outlined below:
- Cybersecurity Awareness – All employees should be regularly briefed on security best practices and procedures to regulate data processing.
- Phishing Awareness – Employees should be trained on how to identify and deal with suspicious emails. Employees can be vigilant when receiving emails by checking the authenticity of the sender’s email address.
- Antivirus Protection – Employees should be provided with access to antivirus and malware software for use on their home working devices.
- Home Network Security – Remote employees can improve their home network security by creating a strong password to protect their home Wi-Fi.
- Use a VPN – Virtual private networks add a further layer of protection for home internet use.
- Identify Vulnerabilities – No IT system is perfect. Companies should run tests to identify vulnerabilities and patch the most critical system weaknesses as soon as possible. This can be done through vulnerability scanning or various types of penetration testing exercises.
- Regular System Reviews – Companies should routinely evaluate cybersecurity risk exposure and determine whether existing security controls are sufficient. All new forms of cyberattacks should be considered during these types of reviews.
- Prepare for Security Incidents – In these high-risk times, companies are advised to carry out frequent cybersecurity incident simulation exercises to prepare their response to a cyberattack. Every organization should also build a cybersecurity team with trusted advisors to develop and implement the policies and procedures needed to lower exposure to cybersecurity risks.