Exclusive article for Security Buyer, courtesy of Scott Lynn, Service Director, Agilitas.
Scott Lynn, Agilitas’ Service Director, looks at how a company should assess its cybersecurity procedures in the new normal and warns that not addressing them can cause serious consequences. He also explains why it is critical to be knowledgeable about the developing workplace, including dynamic digital strategies and operational practices, and highlights why we need to reflect on past working styles to see how they can shape the very different future we now face.
Home working here to stay
Over the past year, millions of workers have had a crash course in what it is like to work from home. Some people have found pleasure in swapping their work desks for the kitchen table or the office for the spare bedroom, and others not so much. Some will hope to never go back, while others can’t wait to return, with many thinking working from home every now and again provides the perfect work/life balance. Whichever way you look at it, there’s no question that once this pandemic is over, the levels of home working will remain at high levels across the UK and beyond.
There are a lot of benefits to businesses providing increased flexibility to their workforce. Giving employees the choice can greatly increase their fundamental happiness and motivation as they can make work fit their lifestyle and be at their most productive.
However, home working also comes with one big concern for organisations. Can it be done securely?
Fundamentally, the disparate nature of home working increases vulnerabilities. Put simply, there are more points of access, and therefore, more points of potential attack. When workers are spread out and isolated rather than working from the same office, both the surface of attack and the risk are increased exponentially.
Organisations have less control and less oversight so, in essence, they are more vulnerable to attack.
Homeworking attracting attacks
In the last few months alone, some 7,000 UK email servers were reported as being potentially exposed by a security flaw in the global Microsoft Exchange email service. Malicious software was found on thousands of machines that the National Cyber Security Centre has been helping organisations to remove.
Of course, email has become even more critical to businesses in these home working times and cybercriminals know this all too well. Hence phishing emails, ransomware, and spoofing attacks surging throughout the COVID-19 pandemic. Fraudsters and criminals know that security systems are only as strong as their weakest point, so if they can compromise one machine on one network, they can potentially get access to all kinds of valuable information.
Why it’s so important to get security right
Not paying enough attention to cybersecurity in this changing environment can be an expensive risk for any organisation. Highly valuable corporate information can be stolen in a hack and a significant amount of money can potentially be demanded in ransomware attacks. There are other costs to consider as well. When your business is taken down by a hack – it can spend days, if not weeks or months, dealing with consequences and repairing the damage, rather than focusing on its core business.
On top of that, there are the potential legal consequences of mishandled data or failure to comply with standards. In many ways, despite the large ransomware demands, the biggest cost to your business from cybersecurity breaches is the impact it can have on your reputation long-term. Get cybersecurity wrong, and you risk losing the trust of your customers and industry partners. To operate successfully in 2021, you need to operate securely, no matter how widespread or isolated your workforce has become.
Remote identity management
So, what does working from home require from a cybersecurity standpoint? Of course, the end goals are no different from working in an office, but it can be a lot harder to achieve them. The starting point for good cybersecurity is a mechanism to ensure you can verify the identity of everyone accessing your network. That allows you to guarantee that your employees and no one else can log onto your systems remotely to access your organisation’s sensitive data.
Organisations can achieve this through the use of up-to-date software and hardware that provides secure authentication. You must ensure that remote employees log into your system using methods that are reliable, strong and also easy to use. This could be through multi-factor authentication or through a combination of hardware and technology that allows for remote authentication. It’s imperative that organisations have the operations and flexible supply chain in place to provide the workforce with the hardware and software they need to work safely from home.
If just one worker from home is not following protocol or is not equipped with the right tech and they become a target of a hack – they become the broken link in the chain with the whole organisation becoming compromised. It’s so important cybersecurity is taken seriously from top to bottom, with everyone adequately equipped, wherever they are.
Working together while not together
We now live in a virtual world. Virtual meetings, virtual documents, and virtually everything done online. Working from home has turned a simple face-to-face meeting or the sharing of a document into a scheduled Zoom or Teams call. Data security that allows for collaborative work to be securely carried out online is more important than ever. Employees need to be trained in security protocol and given software that allows them to safely collaborate with their colleagues. Fundamental to this is keeping access to files on a need to know basis, as the likelihood of potential security threats reduces when you limit access and don’t unnecessarily expose files.
These principles also apply to internal collaboration, as well as when documents and files need to be shared outside your organisation. Businesses need the means to safely share their work while remaining in complete control of it.
Good cybersecurity prepares businesses for worst-case scenarios. Organisations need to have an attitude that expects a cybersecurity incident to happen, ensuring they are prepared in the event of such an attack so that they always have a means of response should a threat occur.
As well as strong access protection, organisations need cybersecurity solutions that let them spot hacks on their system promptly. Too often hacks go undetected and the damage caused takes much longer to solve and remove, so systems need to be constantly audited so that strange or unexpected behaviours are identified and investigated immediately.
If an issue is discovered, the home-working environment of our response teams complicates the situation, making it hard for an organisation’s IT teams to be able to respond quickly to limit the damage. This could mean the implementation of software that allows them to quickly provide remote support, shutdown systems, or isolate parts of the network. Operational flexibility becomes paramount to businesses; in terms of how quickly it can recover, replace and repair compromised devices to keep operational downtime to a minimum.
Adapting cybersecurity for a home-working culture
The new normal demands that organisations rethink their approach to cybersecurity. The network infrastructure of support, software and hardware needs to be constantly adapted, improved and in tune with market demands to cope with the current situation. Homeworking has been imposed on us, and because of that, cybersecurity needs to be implemented across a broader surface of attack.
Thankfully – whether in the office or remote – these improvements will pay dividends. Every step an organisation takes to ensure home working is more secure will implement principles and ideas that will be beneficial in the office environment too. Improved security for log-in, collaboration and file access, as well as improved responses to cyber threats will pay long term organisational dividends regardless of the working environment.
Organisations that achieve these security principles across remote and centralised locations will be best placed to securely handle the revolutionary home working-culture that will inevitably be part of business life well after this pandemic has receded.
To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922