Remote Cyber Security: Risks & Management
Remote working amidst the pandemic posed many challenges to businesses, small and large, across all industries. Whilst many already practiced flexible working to some degree, COVID-19 caught even the most prepared and organised businesses off guard. As a Cyber-Security Specialist Consultant, I’m aware that for many businesses the debate around “security cost versus cyber risk” is prevalent, and it often takes a serious breach or attack to encourage companies to implement complex and effective security measures, which can be costly, but fundamental to protecting businesses. This is even more important during the pandemic, which has seen a spike in cybercrime.
In April, WHO reported a fivefold increase in cyber-attacks against their organisation, having experienced a security breach whereby 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. Additionally, there has been an increase in scammers impersonating WHO in emails to channel donations to a fictitious fund and not the authentic COVID-19 Solidary Response Fund. If large organisations like the WHO experience cyber attacks like this, what does this mean for everyone else?
Statistics show that there has been over £16 million lost to online shopping fraud during lockdown with people aged 18-26 most at risk. There has also been an increase in phishing text messages posing at the government and issuing fines to people for apparently breaking lockdown rules, and fraudulent tax-return messages to the self-employed. These text messages claim that people owe the Government money or that they might be eligible for a tax refund and request payment or financial details in order to steal this sensitive data. As people find themselves in vulnerable positions, they are more susceptible to these fraudulent messages and are at a higher risk or falling victim to crimes. Businesses are also continuing to receive similar phishing emails, requesting sensitive information or return phone calls which end up costing huge amounts of money.
William Altman, Senior Analyst at the Global Cyber Centre of NYC, suggested that "Organizations of all kinds are facing an uptick in email-based threats, endpoint-security gaps and other problems as a result of the sudden switch to a fully remote workforce,” as many businesses are not aware of the risks associated with connecting remotely. Common security issues that require management include:
· Increased phishing emails and cyber attacks
· Compromised credentials
· Public Wi-Fi networks or insecure home broadband
· Increased use of personal devices
The NCSC advise all businesses that, “whilst mobile working and remote system access offers great business benefits, it also exposes new risks that need to be managed.” Business leaders should establish risk-based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. This includes educating staff and maintaining awareness of how to identify a threat and mitigate risk and how to protect data in transit and in rest. Additionally, businesses might apply a secure baseline build and configuration for all remote business devices.
With the importance of cyber-security more important than ever before, I have reached out to my network and am in the process of organising my first webinar around how businesses can identify and manage the increased risk surround cyber and information security when working and connecting remotely. Get in touch to register your interest or follow Maxwell Bond on LinkedIn to keep up to date with our upcoming events and webinars.
Sources:
https://www.techuk.org/insights/news/item/17071-strengthening-cyber-security-when-working-from-home
https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security/the-10-steps/home-and-mobile-working
https://www.itgovernance.co.uk/blog/the-cyber-security-risks-of-working-from-home
Founder of Maxwell Bond - The Tech, Digital, Sustainability & Renewable Energy Recruiter of choice!
4 年Nice work Jake Adshead