By Chester Avey
The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It can be easy to understand then, that cybersecurity may not have been a huge priority for businesses
However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime. Some studies suggest that between 2020 and 2021 there was a 50% increase in overall attacks on corporate networks, and a 40% increase in cyber attacks globally. Cleary, this is a major problem that businesses need to start taking very seriously.
But what has driven this rise in cybercrime? Certainly a part of the issue is simply the number of businesses that are taking their work online. This relates to both having to start an ecommerce site if they couldn’t sell physically, or put their work on servers and provide access to employees.
Another major element of the cybersecurity crisis is the fact that so many people are now working from home. It could be the case that the increased level of remote working is something of an unseen problem for businesses, as companies are yet to fully understand the dangers and what they can do about them.
Lack of office protection
Many in-office workers are used to doing their job with a degree of simplicity with regards to cybersecurity. The IT infrastructure within offices generally puts a great deal of focus around cybersecurity and keeping workers safe, including by enforcing good cybersecurity practices such as the closing down of machines and the use of strong passwords.
When these workers then come to do their job remotely, some are not really prepared or perhaps even aware that what they are doing could be detrimental to the overall cybersecurity of the company.
“With remote working the new norm, it’s easy to slip into bad habits,” says Juliette Hudson, Senior SOC Analyst at cybersecurity specialists Redscan “however, with cybersecurity risks being greater than ever and remote workers lacking office protections, it’s important to maintain a high standard of security awareness”.
Additionally, there are powerful protections offered by software such as the company firewall and other software.
Opportunities for business email compromise
Business email compromise (BEC) is a form of attack where a cybercriminal takes control of the email account of a member of your organization. With this account, they make a request such as for an employee’s bank details to be changed, or for a payment to be paid to someone outside of the company.
These requests can easily be granted as they come from the genuine email address of the colleague. In this sense, they are more of a threat than a standard phishing attack.
Remote working makes BEC attacks more dangerous because staff become more used to the idea of communicating entirely through devices. So, if a member of staff asks a member of the accounts team to make a payment via email, they may well take it at face value. In that scenario in the office, it is more likely that the accounts team can easily check with the person face-to-face.
The dangers of shadow IT
Another challenge for companies with remote workers is the issue of shadow IT. Shadow IT refers to any kind of application, software or hardware that is used by a member of staff without the knowledge or sign-off from the IT team.
This is actually a very common issue for businesses; members of staff will find pieces of software or applications that provide them with advantages when working, and so they will simply install it and start using it.
In theory, that is a benefit as it could allow for a more productive working day – but on the downside, many applications have flaws and vulnerabilities. It is therefore typically a part of the remit of the IT to assess them to ensure that there is nothing that could put the company at risk.
With remote workers, the danger is actually much greater as they are more likely to make use of their own software and not run it by the IT team.
Remote working clearly has a broad range of benefits for companies and workers, but there can be no doubt that it has created challenges for cybersecurity too. It is really worth implementing strong procedures and policies, and providing staff with training to help minimize the risk of cybercrime for your company.