What security challenges does your organisation face? How has the security threat landscape changed?
The dramatic shift towards remote working in the wake of COVID-19 has had an unfortunate side effect – an increase in cyber-crime. If businesses don’t take the appropriate steps needed to secure endpoints and protect data, then they risk being overrun by phishing and malware attacks in this new threat landscape.
With cyber-crime continuing its trend of increasing year on year, it is important to know the threats that businesses face and the best ways to mitigate them before they become a very real problem.
More devices mean more opportunities
Over recent years, digital transformation has largely been synonymous with the cloud. Being able to move business assets and sensitive data outside of the onsite network has been beneficial for businesses, especially those that operate globally and require better access. Wider use of the cloud means that more devices are in use, providing a wider potential attack surface.
Another consideration for IT teams is IoT devices, especially those operating over 4G or 5G. IoT devices such as printers, security cameras etc, are well-known for being easy to take advantage of, with 2019 alone seeing attacks on IoT devices rise by a shocking 300%. Limiting their use may be seen by some as being prudent rather than a technological step backward, but if your business relies on IoT then it is important that you don’t just plug them in and forget about them, as that’s what hackers are relying on.
Instead, you should be sure to regularly update associated software, set unique passwords, and ensure that they are using secure internet connections.
Remote workers need extra attention
Unsurprisingly, remote workers are a large target for phishing scams. A worrying 53% of businesses have seen email phishing attacks increase during the pandemic, with a third saying that they had fallen victim to successful attacks thanks to workers using their own, unprotected, equipment for work purposes.
Providing a company laptop that is limited to business use is one way to curb the risk of cyber-attacks, as access to personal emails can be limited, but any device will still have to be furnished with the correct security systems. According to Kaspersky, 23% of desktops and 17% of laptops provided for remote work in the UK came without any antivirus or cybersecurity software installed. When organisations are registering an average of 40 phishing attacks each day, installing antivirus software on every endpoint is the very least organisations should be doing.
Outdated software is a weak point
IT teams can easily keep track of when software needs to be updated when all the devices are centralised and ‘inhouse’. With remote working, it’s harder to keep on top of updates and patches, but they are vital to keeping out ransomware.
Constant updating is the only way to keep software safe from attack, as unpatched programs can be easily breached n order to install malicious systems such as cryptocurrency miners.
Installing updates may feel like something that can be put off, but it’s actually a really strong line of defence against cybercrime.
Countermeasures you need to have in place
In order to really counteract the growing threat of cybercrime, businesses need to be proactive in their measures and implement the right tools and processes.
Here’s the steps you should be taking:
Provide work-only hardware
It’s understandable that employees had to use their personal equipment during the earlier days of the pandemic, but if they’re still using unsecure, potentially shared equipment after a year then it’s imperative that they’re given company computers ASAP. Providing a means to keep work and personal activity separate will dramatically decrease the risk of falling prey to malware and phishing attacks.
Make training available
If employees don’t know how damaging the repercussions of opening a bad link can be, then it may be wise to invest in some training. Training can be general and cover all the bases, or it can be specific for different levels of the business and individuals with access to the most sensitive data and materials.
Implement a zero-trust policy
A zero-trust policy isn’t as scary or alienating as it sounds. In reality, implementing zero trust actually means creating better security by instructing staff to log into the company network via an encrypted VPN. Implementing two factor verification is another deceptively powerful line of defence, but if you want to take a step further then creating privilege environments is even safer. Essentially this means ring-fencing the most sensitive areas of the network with a separate log-in and keeping the ability to perform general day-to-day activities in a different location altogether. Another benefit of creating these privilege environments is that only those who need to access important data can do so.
Invest in security solutions
Endpoint detection and response software is invaluable for businesses today, as they will alert you and your IT teams to any changes in your network. That means that potential threats can be investigated and quashed before they have had a chance to embed themselves in your network and damage, or steal your data.
By following these steps, you will create a more robust defence against cybercrime for your business, keeping the network and your valuable data safe whether your staff are working from home or back in the office.