As businesses embraced remote work to remain operational, the COVID-19 pandemic has caused an unprecedented increase in cybersecurity risk. While many companies successfully learned how to protect their digital assets from these attacks, the crisis revealed areas in cybersecurity that require revision and strengthening as we move ahead to the post-pandemic reality.
What Causes Increased Cybersecurity Risk?
The rapid adoption of remote work policies introduced many new challenges to businesses. By connecting massive amounts of company assets online (mobile phones, laptops, core systems, and so on), the attack surface available for hackers grew exponentially. Companies that were ill-prepared to make a swift and secure switch have been worst affected by the drastic increase in cybersecurity vulnerability.
According to the FBI's official statement, cyberattacks increased by 400% during the COVID-19 pandemic.
One of the main reasons why the risk skyrocketed was inadequate training in remote work best practices. New and often unfamiliar technologies used by employees to connect, collaborate, and communicate opened potential attack points to hackers.
When employees lack the necessary knowledge to maintain a secure connection, hackers are likely to exploit these new entry points. For example, by accessing critical company assets using unsecured devices, employees can severely compromise enterprise data security.
IT teams have also become overburdened with the sudden surge in demand to provide employees with secure access to critical company assets. Understaffing has rendered IT teams unable to attend to company cybersecurity with enough vigilance. Without a properly optimized infrastructure to automate security in new technologies, equipping staff devices with an array of security tools has become a major activity. This, in turn, has decreased IT staff’s ability to perform real-time network security checks.
Still, many companies quickly learned how to manage the crisis and mitigated these risks by organizing training for employees and extending their IT teams. However, the newly discovered scope of risk and dependence on online tools to remain operational revealed gaps that need addressing to let companies navigate safely as they settle themselves in digital workplaces.
What Are the Specific Threats to Companies Implementing Remote-Work Policies?
The COVID-19 pandemic gave rise to phishing messages and pretexting (using a prefabricated scenario to obtain sensitive information for malicious purposes). The Mobile Phishing Spotlight Report by Lookout found that the shift to mobile work resulted in a 37% increase in mobile phishing attacks.
Through phishing messages, employees receive emails with links to dummy websites that can be used by hackers to steal data. Hackers can gain access to information by posting links to fake contact tracing apps, health resources, or workforce policy.
As employee contact with other staff gets limited to the online medium, hackers can also seize the opportunity to pose as other staff members, e.g., from IT or financial departments. By acquiring trust, hackers can steal sensitive company information and endanger company data security.
Cybersecurity experts in the US and UK have discovered that hackers are actively scanning for vulnerabilities in software used for remote work. When connected online, outdated or unpatched software greatly increases the likelihood of a breach.
But there’s also a downside to frequent updates and patches released by software producers.
To accommodate the demand for remote work tools, developers are pressed to release updates and new features quickly. Every new update can in turn introduce security issues that can be exploited if these releases haven’t been exhaustively tested. Also, with many devices and software solutions to manage, IT teams might struggle to install patches and configure tools promptly.
What Can Companies Do to Address These Risks?
As business leaders begin to understand their reliance on digital business processes, they should acknowledge the need to treat cybersecurity risk with utmost importance.
The board needs to recognize its importance in ensuring that sufficient cybersecurity measures are employed. Board members have to analyze in detail which assets to protect and how to invest in security approaches that work in the new post-pandemic reality.
The key to keeping digital business systems safe is to proceed cautiously with the introduction of new solutions. Also, companies should look into comprehensive consolidated security tools that cover multiple security areas.
Cybersecurity measures should always be implemented before a particular technology is introduced. Companies should identify and analyze possible exposure areas before the adoption of software, to prevent security gaps.
A proactive rather than reactive approach is essential to decreasing cybersecurity risks. Businesses need to constantly assess risk exposures in their online assets to spot possible entry points well ahead of exploitation.
Other best practices as we move to a remote-first work environment:
Set up a reporting process. In case an employee is exposed to a suspicious email or activity, they should have a clear procedure on how to act and report it efficiently.
Provide regular cybersecurity risk awareness workshops. During the workshops, employees will learn how to use online assets securely and why cybersecurity is critical to company security.
Cybersecurity Is the Key to Company Resilience
Awareness and consistent reassessment of cyber threat exposure are necessary for companies intending to stay safe in the post-pandemic reality. The responsibility for cyber safety is a shared one: the board, senior management, and employees are equally responsible. However, it’s the board’s duty to recognize the importance of cybersecurity across all company assets and the proper implementation of security solutions.