Here, IT Naturally discuss how the rise of working from home has lead to a rise in cybercrime risk and how we can combat this
Remember when people packed onto trains or sat bumper to bumper in traffic to get to the office? Every day.
As COVID-19 hit hard, there had to be a fundamental change and by April 2020 nearly half of us were working from home. It is now estimated that by 2025, 70% of the workforce will be working remotely.
2020: The year of working from home
Remote working was once a luxury, but faced with a mandate UK business had to make it work. Modern IT stepped in and enabled many companies to stand up solutions overnight.
Credit to the networks that largely accepted the additional load on home broadband and to companies like Microsoft, Google and Zoom who never seemed to miss a beat when it came to video conferencing.
Working from home challenges
Remote working saved the day for many businesses but brought with it a number of new challenges.
- Broadband – Who has not had to apologise for connection issues? Our WiFi speed and performance can make or break our day. If everyone in your street is now consuming the bandwidth and you need to stay connected it can be challenging.
- Ergonomics – Do you have a desk to work at? Are you sitting correctly? Is your screen big enough? Ensuring your set up is correct is crucial for your health and safety and yes, research shows that you are far more productive with a bigger screen.
- Costs – The relocation to your home should not come at your own expense. Did you know you can get £6 a week tax relief additional costs like heating, broadband, a new computer or laptop?
- Security – Cybercrime in the UK rose 31% in just two months during the height of the pandemic.
Focusing on the security threat
The pandemic presented a unique opportunity to malicious actors, the protection provided by the corporate network and their firewalls had been smashed.
Moving from the office has not only seen the volume and frequency of cybercrime increase but the scope for cyber-attacks and data fraud widen. We are now regularly seeing:
- Phishing emails (where a user is tricked into clicking a link in an email and sharing information that can be used maliciously).
- Malicious keylogging (where spyware is installed onto a user’s laptop and passwords and personal financial information is captured and used for malicious purposes).
- Data fraud (where employees who have been made redundant whilst working from home have kept corporate data).
- Data leakage (where employees share and collaborate documents leaving data in an external destination).
All of these types of attack rely heavily on employees sticking to best practice, another challenge in itself.
Many people use their own devices for work that lack the inbuilt security protocols like those in the office and it’s this that paves the way for an increased risk of attack. Companies need to have a stringent Bring Your Own Device (BYOD) policy in place, ensuring employees understand and adhere to the boundaries and policies required, especially when sharing personal devices loaded with corporate applications and data with the rest of the family.
A BYOD policy should mandate:
- A reliable and robust anti-virus installed on laptops to check for the latest viruses and spyware, and ransomware.
- A secure personal home router, with a unique password that has not been shared, with separated access for guests.
- A Secure VPN used to extend the corporate network and secure communication between home and office.
- The firewall is enabled on your PC or laptop whether its Windows or Mac.
How to minimise the cybercrime risk
There are many security practices a company can put in place to ensure your network and data are secure. The risk may be increasing but the detection method is hot on its heels.
Anti-phishing services will detect a phishing email and with artificial intelligence, learn from it and block future attacks. It enables users to report a suspicious email from their inbox, and it will also run tests on users to ensure they are educated in a safe environment about phishing.
Dark web scanning will enable a service that scans the dark web for data that may have escaped from your business and is being shared.
Document rights management (DRM) controls access to encrypted documents based on the user’s identity.
Multifactor authentication demands at least two items of identity, like a password and link to your phone, to confirm who you are for access.
Next-generation identity and access management (IAM) allows increased flexibility for users.
A ‘Zero Trust’ security policy requires verification from everyone before accessing data irrespective of the role.
Going the extra mile
A robust cybersecurity system will significantly reduce your risk of attack but what if a highly intelligent cyber threat still gets through?
With cyber-attacks costing the UK an eye-watering £34bn, it is fair to say a breach could cost you heavy so it’s worth investing in cyber insurance. Your business should also have a disaster recovery plan in place, with clear guidance.
Need some help with your IT security?
The increased risk of cybercrime, the evolving technology and what you should choose to protect your business may feel overwhelming.
IT Naturally places strong importance on ensuring the correct cybersecurity protections are in place through our managed infrastructure services.
Talk to us if you need help with where to focus your efforts when it comes to cybersecurity and we can answer any of your questions.
- Do I have an adequate budget to make it worthwhile?
- My organisation is small, do I need to worry about cybercrime?
- We put an IAM system in place years ago, does it need to be upgraded?
Our Cyber Resilience services include:
- Security Incident Event Management (SIEM)
- Advanced mail security
- Digital Risk Protection
- M365 Security
- Active Directory security
- Security Operation Centre (SOC)
- Penetration Testing
*Please note: this is a commercial profile