How to manage cybersecurity risks when working from home

George O’Dowd describes how businesses face a three-pronged threat to their IT systems as employees work remotely during the COVID-19 crisis.

At present, businesses of all sizes are facing huge upheaval to their normal business processes, functions and operations.

These fast-changing times have brought about an array of new challenges for businesses, with many organisations forced to quickly implement remote working solutions to ensure business continuity.

That’s not to mention the ever-present cyber threats facing organisations.

In fact, with larger numbers of employees working from home and across various devices, it has never been more important for companies to consider the issue of security.

There are three distinct areas of enhanced risk which businesses must address during the coronavirus pandemic.

1. Ongoing IT system and infrastructure maintenance

While efforts have been focused on enabling employees to work from home, IT areas that were deemed as high-risk prior to the Covid-19 outbreak, remain a risk or are at even higher risk now.

With the majority of employees working remotely, there is a tendency to forget that these workers are still all connecting to core business applications and systems to carry out tasks and do their jobs. These applications are dependent on infrastructure such as servers, networks and firewalls, all of which work together to host secure connectivity for employees and customers.

Any system failure or attack on the company IT infrastructure has the potential to lead to significant IT downtime, greatly compounding the current crisis facing businesses. In the event of a core system failure, all remote working staff would be cut off and entirely unable to work, having an organisation-wide impact on productivity, customer service and service delivery.

 Furthermore, the time it would take to procure and replace infrastructure is greatly increased due to the current situation. The restriction of movement of people and the severe impact on supply chains could lead to prolonged, costly and potentially catastrophic system downtime.

2. Unsecure remote working solutions

Additionally, a greater risk is posed by remote access systems which have been set up with the mindset of: “get it working now, worry about security later”. However, now is the time for businesses to prioritise the security of their remote working solutions and consider factors such as:

  • Authentication – Is my business using two-factor authentication for access to a secure VPN (virtual private network)? Or, is a free, quick and easy remote access solution in place with untrusted and unsecure access controls?
  • Devices – Are my employees equipped with company devices with encryption, anti-virus and a managed vulnerability and software patching service,installed? Or are users accessing the company network and data from home PCs and laptops with unmanaged security and which are shared with other family members?
  • User awareness – Has my business provided refresher security training to all employees? Do we have the safeguards in place to counteract the fact that people will not have the same levels of cybersecurity awareness and discipline at home?

Organisations need to consider all of the devices used to access their network and equip staff not only with the tools they need to securely work from home, but also the knowledge to identify and respond to cyber-attacks.

3. Increasing cyber attacks

Current reports indicate that thousands of new Covid-19-related malware and scam websites are being registered daily.

In March, the World Health Organisation reported double the usual number of cyberattacks on health organisations across the globe. Whether or not employees are less alert to threats when working from home, cybercriminals are banking on this and developing thousands of new scams to exploit this attitude.

Tailored coronavirus scams which feed into people’s fears about the pandemic, also inevitably heighten the risk of a potential breach. The subsequent reputational damage and cost implications of such an attack and loss of data would be amplified in the current climate and could be a critical blow for many businesses.

These are unprecedented times and for many businesses, their very survival is at stake as they adapt to entirely new circumstances. While organisations are vulnerable right now, it is important they don’t take risks in relation to security and neglect the ongoing upkeep of their IT or cut corners on securing remote working solutions.

An attack or failure of core systems that would take all employees offline could even prove fatal for businesses.

At this time, it is vital for companies to continue to heed the advice of their IT manager and remain in contact with their IT specialist.

By carrying out a fresh risk analysis and review of critical infrastructure, firms can mitigate the enhanced risks posed by the Covid-19 crisis.

Man in dark suit with red tie.

George O’Dowd is managing director of Novi, a secure IT and cloud service provider that is passionate about helping customers grow through better, secure and more reliable IT.

Published: 23 April, 2020