Managing the Escalating Threat from COVID-19.
When the global Coronavirus pandemic struck, businesses naturally focused immediately on continuity of their service, customer retention and, ultimately, survival.
In March 2020, the UK government introduced strict social distancing measures, instructing us to stay at home. By April, the ONS reported that 49.2% of employed adults were working from home.
The sudden operational shift saw kitchen tables being turned into workstations, personal devices being used in place of office desktops and home Wi-Fi networks groaning under the strain of an upsurge in video conferencing.
Many resource-stretched IT departments faced a massive administrative and logistical challenge, immediately managing hundreds if not thousands of remote offices. Without adequate time to plan, security slipped down the priority list during the rapid deployment. This left businesses exposed, risking damage to their reputation, substantial legal compliance implications and potentially devastating financial consequences should a data breach occur, with ICO fines of up to £18 million. And the detrimental financial implications do not stop there.
On average, downtime costs a business as much as £250,000 per hour*.
Whilst millions of home workers grappled with new cloud-based technologies and VPNs, cyber criminals also saw their opportunity to make a change or two – devising increasingly devious, sophisticated ways to target vulnerable remote employees.
Why is there an increased threat to cyber security when working from home?
Working from home cannot provide the same levels of security as the superior network prevention and detection measures found at commercial premises. Home Wi-Fi systems are far simpler to hack and are not fit for purpose. Has the Coronavirus made life much easier for the cyber criminals?
As home working was initially thought to be short-term, many businesses allowed employees to use their own mobiles, laptops and hard drives. In the rush, many companies failed to double-check if those personal devices had any security software installed at all. Remote workers are far less likely to run anti-virus or anti-malware tests; and if we are honest, many of us have snoozed a vital PC security update when it hasn’t been convenient.
Planned hardware updates have been placed on hold due to internal budget cuts. Large-scale supply chain issues are also preventing new asset deployment – Hong Kong, China, and Taiwan all being major exporters in the electronics industry.
Human error is understandably one of the biggest causes of data insecurity. Stressed employees have been busier than ever as they’ve juggled work, home schooling and various unusual distractions. Workers may feel an additional sense of security whilst at home; they may be less alert to cyber threats than they would be in the office. It is unsurprising that a little complacency has crept in.
A year on, most workplaces are still to reopen their doors. So, in the meantime, how do you protect your remote employees and your business from increasingly inventive cyber-attacks?
The impact of the Coronavirus on online security.
In April 2020, Google blocked more than 18 million malware and phishing emails per day, and a further 240 million daily spam messages, which were directly linked to the pandemic+. In July, the City of London Police said that £11 million had been lost by direct COVID-19 scams in the first 6 months of 2020**.
Our reliance on technology to operate remotely has propelled the digital transformation of businesses globally. Cloud-based technologies and remote collaboration have seen an increase in shared files. The more shared files, the greater the risk of a breach.
Direct corporate attacks.
There has been an upsurge of known cyber-crime techniques. Despite us all knowing that you shouldn’t use the same password for all access, many still do – whilst the increasingly advanced credential stuffing software gains easier access to your sensitive records. Ransomware is also being combined with data leaks to make greater financial demands. Highly sophisticated infiltration techniques not seen prior to the pandemic have emerged, with new methods increasing by 15% in 2020**.
47% of individuals fall for phishing scams whilst working from home**.
More ‘traditional’ phishing has sought to capitalise on Coronavirus fears with criminals posing as trusted NHS or Government sources, linking to fraudulent websites promising news of a vaccine, for example. Phishing has also evolved to include SMS and ‘vishing’ – the use of voice calls and voicemails to trick their target.
Video conferencing infringement.
Whilst those new to Zoom were still trying to connect seamlessly, cyber criminals were seeking to cause maximum disruption to those so reliant upon video conferencing.
Globally, between February and May 2020, over 500,000 people were affected by the data breaches of video conferencing platforms**.
Undetected by the host, direct access to your virtual meetings can also be gained – the uninvited guests obtaining information straight from the attendees’ mouths.
How do you mitigate the increased risk from home working?
The upsurge in both new and known threats demands a proactive response to the substantial risks posed.
Reinforce your security with host checking technologies, which automatically validate an individual’s requirements before they can access certain applications. Innovative cyber-attack intelligence can alert you to known addresses, helping you identify potential attacks faster.
Automated controls, such as time outs for databases, two-step authentication and advanced email filtering can help to reduce human error.
Undertake regular audits – Update systems and hardware.
Run penetration tests and identify potential weaknesses, updating systems or patching any vulnerabilities. These should be administered centrally to ensure completion.
Updating your equipment is more important than ever. A visit to most IT storerooms will uncover redundant IT equipment and end of life assets – all potential data security issues waiting to happen.
47% of businesses do not erase data properly+ – One of the biggest challenges in data governance.
With IT offices remaining empty all year, the importance of data destruction is evident. An ITAD supplier provides data erasure and disposal services for your old hardware – providing IT asset disposal accreditation certification for each device.
Many environmentally friendly ITAD partners recycle components. With guaranteed residual trade-in values through their buy-it-back services, you can sell redundant IT assets and top up your departmental budget. If you are facing supply chain issues, you can choose to refurbish older equipment, limiting the use of personal devices.
Many ITAD service providers have diversified throughout the pandemic to offer wider support facilities, providing secure services, such as contact free collection and delivery to remote teams.
Educate staff on best-practice procedures, the importance of anti-virus and system updates and the implications of the new threats. Advice can be disseminated on how to maximise home Wi-Fi security with strong passwords and WPA2 protection. Where personal device use can’t be avoided, you could provide an annual licence to ensure your company is protected. You could create a mandatory in-house training program that informs employees how to spot a potential phishing or social engineering scam.
Always encourage an open culture. All too often, employees are concerned about raising the alarm, but any delay in the reporting process could turn a minor issue into a serious and costly data breach.
Despite the intense cyber threat to our remote teams, we are able to make home working practices more resilient.
Preparation is key. With a simple mind-set shift from ‘if’ to ‘when we are attacked’, we can respond at speed. By reducing reliance on internal teams, maximising use of cutting-edge automated technologies and understanding the importance of asset disposal, we can protect our businesses from the unnecessary risks of downtime, data breaches and extensive financial loss.
With over 25 years’ industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of surplus hardware responsibly and legally.
Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.
* Neuways.com; ** Deloitte Cyber Intelligence Centre, Deloitte.com; + cyber-trust.eu, hso.co.uk