The COVID-19 pandemic has disrupted global health, the economy, and social systems. From emptying office spaces to dispersing the workforce, corporates have yet ensured seamless delivery of services. However, remote work environment has also led to a surge in unseen threats in the digital space. Threat actors are prying on potential victims to deploy cyberattacks on home and public networks.
By Pooja Tikekar, Feature Writer, CISO MAG
Corporates are addressing several cybersecurity concerns to protect personal data and information systems. Some of the key concerns include:
1. Security of Remotely Located Devices: The drastic shift to remote working has led to a rise in the use of personal devices for business operations. Leaving sensitive data and work-related documents on unsecured devices could result in data leaks. According to a study from HiveIO, nearly 85% of organizations anticipate a larger remote workforce will threaten operations because of new risks, while 22% fear increase in business costs to support remote staff. IT teams are undertaking security measures to protect computers from malware.
2. Weak Remote Access: Now that employees are working from home, security professionals need to ask: How many employees use company VPNs when working from home? According to a survey conducted by CISO MAG, only 70% respondents stated that they were using company VPNs to securely log into the company network. Corporates need to encourage all employees to use VPNs for a secure connection, as communication through home or public networks could pose a greater risk as they are carried over untrusted networks. It could also result in exploitation of client and user credentials to collect sensitive data. It is essential for security teams to deploy secure multisite remote access servers dispersed at various geographic locations.
3. Improving Incident Response and Cyber Hygiene: According to a study conducted by Barracuda Networks, almost half (46%) of global businesses have encountered at least one cybersecurity incident since shifting to a remote working model. Security teams are advising remote employees to maintain a good cyber hygiene and asking them to keep their devices up-to-date, patched, and protected. Organizations need to ensure they have a best-in-class remote patch management solution to overcome a security breach. Implementing two-factor authentication (2FA) where possible will also go a long way in preventing data breaches.
4. Cyber Risk Mitigation: Phishing emails sent in the name of the World Health Organization (WHO) continue to be popular among hackers and cyber scammers. To mitigate cyber risks such as phishing campaigns, third-party apps, and malicious adverts, CERT-In has published an advisory urging security teams to stress the avoidance of clicking on links and attachments in email. IT administrators are also advised to monitor outgoing traffic to prevent cyber infections from occurring.
5. Amendment to Business Continuity Plans: Since employees started working from home, the Zoom videoconferencing app found itself millions of users. Unfortunately, its popularity led to increased cyber risks such as password theft. Cyble was the first cybersecurity firm to discover Zoom credentials being stolen and sold on the dark web. It found more than 500,000 Zoom accounts on hacker forums. To avoid the recurrence of such threats, organizations are now devising a holistic business continuity plan (BCP) and making amends to their standard operating procedures (SOPs) for work-from-home employees through a company-specific communication channel or other channels such as MS Teams, Google Meet, and Skype.
Considering all the above concerns, loss of client or organizational data cannot be risked in the current uniquely challenging environment. It is a crucial time for organizations across all industries to be alert and address the adequacy of their cyber policies.
About the Author
Pooja Tikekar is part of the editorial team at CISO MAG and writes on cybersecurity trends and news features.