As employees rejoin the network, cyber risks are heightened. Why it’s important to have essential security measures in place before it’s too late.
By Stephen Burke, Cyber Risk Aware CEO & Founder
As the new normal starts to take shape and businesses gradually open their doors to the returning workforce, a fundamental question for any IT department is whether adequate security measures are in place to protect the corporate network from an influx of looming cybersecurity risks.
When lockdown dispersed the nation into a remote workforce earlier this year, few businesses were fully equipped to issue company devices with regularly patched antivirus security at such short notice. IT departments did their best to equip all teams with whatever was available to enable a ‘working from home’ environment. With employees now set to rejoin the workplace, an abundance of insecure hardware is about to hit the corporate network: a cybersecurity bomb about to go off, threatening to expose confidential data to eagerly waiting cyber attackers.
The average cost of a data breach in 2019 was $184k for a medium-sized business and $715k for a large organisation. Cybercriminals target the vulnerable areas within a business. They are aware of changing employee circumstances and know how best to theme attacks to maximize effectiveness. We have seen this, for example, in the increased phishing attacks themed around Covid-19 and working from home. Google data revealed a 350% surge in active phishing websites during the coronavirus pandemic. Phishing attacks are more sophisticated than ever, and they continually evolve and adapt.
With a re-emerging ‘out of sight’ remote workforce, there are huge, potentially detrimental unknowns about to come to the fore. Devices used remotely most likely have confidential data stored on the system. It should be anticipated that other household members have used the same devices, possibly installing insecure software or visiting insecure websites. There is no guarantee these computers have been maintained and patched over recent months. Do CISOs feel they can trust these devices to rejoin the corporate network?
With every employee having access to 17 million files on average, CISOs need to be prepared for the heightened security risks as employees return to the workplace. We already know that over 90% of data breaches are caused by human error. It is therefore imperative that businesses tackle the issue of cybersecurity at the root cause – the people within the organization.
CISOs within the business are best placed to ensure risk assessments are carried out before their networks are fully exposed:
- Do you know where employees have shared corporate data and under which accounts?
- Was data shared via a public cloud environment such as Google Drive, OneDrive or Dropbox?
- Have company devices been shared across other household members? If so, are all passwords protected?
- Has any new software been installed or removed? Were any security warnings received from anti-virus software?
- Have any sensitive and confidential files been printed or disposed of at home?
These are essential questions to determine the level of security risk to any business, to ensure GDPR compliance is maintained and corporate data is safe.
Before devices are reconnected to the corporate network, assessments need to be undertaken, networks need to be monitored, and most essentially, the people within the business need cybersecurity awareness training and support. It is the people who pose the greatest business risk. They send and receive data all day every day, through a multitude of access points. If left untrained, they are the easiest target and can unwittingly expose the entire network, regardless of technological defenses that may be in play. If trained and supported, employees are the greatest line of defense a company can have – a Human Firewall.
Cybersecurity awareness comes in many forms, but for optimum effectiveness, it is best to combine interactive cybersecurity awareness training content with a software solution that works hand in hand with your company’s IT infrastructure. Cyber Risk Aware offers “real-time” intervention training, which identifies where employees are making mistakes and sends focused training material to help improve their behaviors, saving both money and time. Building a Human Firewall is the biggest defense against cybercrime.
About the Author
Stephen founded Cyber Risk Aware in 2016, after a career spanning over 20 years in technology and security, specializing as a CISO. In that time, he found that most if not all security incidents are caused by human error at all levels in an organization, no matter how good the technical defenses were. Stephen founded Cyber Risk Aware with the mission of making a genuine difference and helping companies and users at home avoid becoming victims of cybercrime. Specialties: Security Education and Awareness Programs, Cyber Insurance, Network Security, Data Governance and Security, Malware Investigator and Incident Response, Risk Management, Security Behavior Analytics, Security Architecture, Heuristic Security, Security Audit, Digital Forensics, Penetration Testing, Encryption, Wireless Security, Security Management, Database as a Service, Internal Cloud Design, SAN Design, RDBMS Virtualisation and Consolidation, Disaster Recovery.