Remote work. Good for work-life balance. Bad for security.
So much got skipped in our haste to make the work-from-home transition. The chaos presented hackers with sensitive info on a silver platter and sent data breaches into overdrive.
“Interpol has recorded an ‘alarming’ rate of cyberattacks aimed at major corporations, governments, and critical infrastructure. Phishing, malware, ransomware, and other intrusion attempts are on the rise, and 20% of businesses have reportedly suffered security breaches, including financial losses,” reports Forbes.
Don’t want to get added to that list? De-escalate security threats before they’re a problem by putting these tips into practice.
Assess Your Risk
To effectively go on the defensive, you must first know where you stand. Start by evaluating your “new normal” and account for factors that may not have come into play in a pre-pandemic world.
A comprehensive risk assessment takes your entire security fabric into account. The security welfare check can be conducted internally or using the services of a reputable consultant.
At minimum, be sure the audit covers your:
- Hardware and devices
- Software applications
- Data repositories
- Network architecture and connectivity
- User authentication methods
- IT policies
- Intellectual property
Soup Up Your Security Training
Employees often represent a business’s biggest weakness. Fortunately, knowledge is power.
Helping them stay vigilant requires constant training – and that’s when they’re in the office. When working remotely, they’re even more likely to be targeted. Threat actors are banking on at-home distractions (hello, homeschool) and lax home networks to make their jobs even easier.
As Fortinet’s 2021 Global Threat Landscape Report states: “Even more worrisome to corporate security programs, however, is the potential for attacks launched from a remote worker’s home network. Think about how many devices lie between an employee working from home and the enterprise applications and data needed to do their job. Now think about all the things attackers could do if they compromise those devices. You can be sure that attackers are thinking about it too.”
In short, if you’re not consistently implementing and testing your staff on new security measures, you’re setting yourself (and your entire network) up for attack.
Plan for the Worst
Just like the pandemic, you never see most cyber-attacks coming. You could exhaust yourself trying, unsuccessfully, to come up with every possible threat scenario, or you could do the sensible thing and make sure you have a plan in place in case of a breach.
Have your IT team run “fire drills” for different security breaches to see how quickly a resolution can be achieved. Put a plan in place to address suspicious behavior during off hours and holidays, too. Not many cyber criminals have a strict 9-5 schedule, after all. Each member of the team, as well as any external security contractors you work with, should have clearly identified roles and be well-versed in your full-scale security procedures.
Forbes also reminds organizations to “be sure your crisis management plan is up to date. Who is going to alert authorities and regulators? Talk to the press? Put the wheels of remediation in motion? This is as essential a part of risk management as implementing the technologies to keep your data safe.”
Cyber threats are going to remain an evolving, permanent fixture in our lives. As they grow more sophisticated, so must your security hygiene. Identifying and addressing the gaps now is your best recourse against the inevitable.