Addressing Cybersecurity Risk Post-Pandemic

As businesses embraced remote work to remain operational, the COVID-19 pandemic has caused an unprecedented increase in cybersecurity risk. Many companies successfully learned how to protect their digital assets from these attacks. The crisis revealed areas in cybersecurity that require revision and strengthening as we move ahead to the post-pandemic reality.

What Causes Increased Cybersecurity Risk?

The rapid adoption of remote work policies introduced many new challenges to businesses. By connecting massive amounts of company assets online—e.g., mobile phones, laptops, core systems, etc.—the attack surface available for hackers grew exponentially. Ill-prepared companies to make a swift and secure digital switch has been worst affected by the drastic increase in cybersecurity vulnerability.

One of the main reasons why the risk skyrocketed was inadequate training in remote work best practices. In addition, new and often unfamiliar technologies used by employees to connect, collaborate, and communicate opened potential attack points to hackers.

When employees lack the necessary knowledge to maintain a secure connection, hackers are likely to exploit these new entry points. For example, by accessing critical company assets using unsecured devices, the employees can severely compromise enterprise data security.

IT teams have also become overburdened with the sudden surge in demand to provide employees with secure access to critical company assets. Understaffing has rendered IT teams unable to attend to company cybersecurity with enough vigilance. Without a properly optimized infrastructure to automate security in new technologies, equipping staff devices with an array of security tools has become a major activity. This consequently has decreased IT staff’s ability to perform real-time network security checks.

Still, many companies quickly learned how to manage the crisis and mitigated these risks by organizing training for employees and extending their IT teams. However, the newly discovered scope of risk and dependence on online tools to remain operational revealed gaps that need addressing to let companies navigate safely as they settle in digital workplaces.

What Are the Specific Threats to Companies Implementing Remote-Work Policies?

Social Engineering

The COVID-19 pandemic gave rise to phishing messages and pretexting (using a prefabricated scenario to obtain sensitive information for malicious purposes). The Mobile Phishing Spotlight Report by Lookout found that the shift to mobile work resulted in a 37% increase in mobile phishing attacks.

Through phishing messages, employees receive emails with links to dummy websites that hackers can use to steal data. For example, hackers can access information by posting links to fake contract tracing apps, health resources, or workforce policies.

As employee contact with other staff gets limited to the online medium, hackers can also seize the opportunity to pose as other staff members, e.g., from IT or financial departments. By acquiring trust, hackers can steal sensitive company information and endanger company data security.

Software Vulnerabilities

Cybersecurity experts in the US and UK have discovered that hackers actively scan for vulnerabilities in software used for remote work. When connected online, outdated or unpatched software greatly increases the likelihood of a breach.

But there’s also a downside to frequent updates and patches released by software producers.

To accommodate the demand for remote work tools, developers are pressed to release updates and new features quickly. Unfortunately, every new update can introduce security issues that can be exploited if these releases haven’t been exhaustively tested. Also, with many devices and software solutions to manage, IT teams might struggle to install patches promptly and configure tools.

What Can Companies Do to Address These Risks?

As business leaders begin to understand their reliance on digital business processes, they should acknowledge the need to treat cybersecurity risk with utmost importance.

The board needs to recognize its importance in ensuring the employment of sufficient cybersecurity measures. Board members have to analyze in detail which assets to protect and invest in security approaches in the new post-pandemic reality.

The key to keeping digital business systems safe is to proceed cautiously with the introduction of new solutions. Also, companies should look into comprehensive consolidated security tools that cover multiple security areas.

The implementation of cybersecurity measures should always go before introducing a particular technology. In addition, companies should identify and analyze possible exposure areas before adopting software to prevent security gaps.

A proactive rather than reactive approach is essential to decreasing cybersecurity risks. Businesses need to constantly assess risk exposures in their online assets to spot possible entry points well ahead of exploitation.

Other best practices as we move to a remote-first work environment:

Set up a reporting process. If an employee is exposed to a suspicious email or activity, they should have a clear procedure for reporting it efficiently.

Provide regular cybersecurity risk awareness workshops. During the workshops, employees will learn how to use online assets securely and why cybersecurity is critical to company security.

Of course, to avoid problems and potential risks when shifting to a remote-first workplace, already have technological solutions in place like video conferencing apps, HR solutions, or board portals, etc. to have a digital workplace foundation set.

Cybersecurity Is the Key to Company Resilience

Awareness and consistent reassessment of cyber threat exposure are necessary for companies to stay safe in post-pandemic reality. Cyber safety is a shared one—the board, senior management, and employees are equally responsible. However, it’s the board’s duty to recognize the importance of cybersecurity across all company assets and the proper implementation of security solutions.