Pete Watson, CEO at Atlas Cloud discuses how how businesses can act to guard against a second wave of Covid-19 cyber-security attacks.
This year has brought the biggest-ever shift in working patterns, with hundreds of millions of people switching to homeworking due to Covid-19.
In 2019, only 5% of British people in employment – an estimated 1.7m people – worked mainly from home, according to official Office for National Statistics (ONS) figures.
During the pandemic an estimated 15.3 million people are estimated to have worked from home – around a nine-fold increase.
Now British workers are advised to work from home, following Government warnings that restrictions could last until March 2021.
Unfortunately, this seismic change in working habits has also created new opportunities for cyber criminals.
The National Cyber Security Centre warned that phishing scams rose by more than 600% in the early stages of coronavirus.
The International Criminal Police Organisation INTERPOL has said that it is “highly likely” that businesses will face a second wave of cyber threats this winter, as it warned of cybercriminals ramping up the frequency and sophistication of attacks to continue exploiting the vulnerabilities of home working.
In a survey of more than 2,900 office workers conducted by Atlas Cloud, almost two-thirds (63%) said their companies had made upgrades to hardware and/or software to enable productive remote working during lockdown.
However, less than a third of employees had received cyber security awareness training to mitigate the associated risks.
Only one in ten thought that training was comprehensive.
This highlights a stark “cybersecurity gap”, where employees are benefiting from technology upgrades but not receiving the cybersecurity training needed to protect businesses.
Another contributing factor to the cybersecurity gap is outdated, under-utilised company policies.
Nearly half of workers were unsure if their company has a policy covering remote IT usage, or believed that the company had none.
Businesses need to create comprehensive IT policies which also cover remote working, or bring existing policies up-to-date.
Easily accessible, well-known policies will raise employee awareness of best practice and guidance surrounding the safe use of workplace technology.
It will empower employees to understand the threats, minimise risks, and question and report any suspicious or risky activity.
The gap in cyber-security training and relevant IT policies is contributing to unsafe working behaviour.
A quarter of people have sent work documents to their personal email during the pandemic. This moves sensitive business information outside of an organisation’s control onto less well protected personal technology, increasing risk.
Protecting against cyber threats is crucial for business continuity.
As the expected second wave of Covid-19 cyber-attacks approaches, the cybersecurity gap must be urgently addressed.
No-one is to blame. Businesses and workers are facing a set of tests we’ve never faced before.
Organisations should now invest in cyber security training to run alongside tech upgrades, so that office workers can benefit from better technology, but also understand and help to prevent cyber threats.
The preventative measures that organisations can take include:
- Implementing secure, robust systems that still allow collaborative working,
- Clearly outlining rules about the use of new channels and tools,
- Upgrading email security, antivirus and firewalls.
- Applying encryption, multi-factor authentication, and web content filtering
However, these tools alone will not work without high levels of employee awareness and cyber-secure behaviour.
Businesses should also consider changing how they manage their IT and business information.
Many British businesses use a device-led IT model, where work and sensitive data is often stored on devices.
To enable safe remote working, businesses should move from device-led IT to server-led IT, with information stored on on-premise or cloud-based servers, and accessed via virtual or hosted desktops.
Server-led IT is important for business security in remote-working as it means staff can work safely on any device. It takes the control of business information out of the hands of individual employees on individual devices – where the information is most vulnerable – giving control back to businesses to retain ownership of their business information.
These measures will improve business continuity during this pandemic crisis, and will lay the foundations for a move to hybrid-working when it’s over.
Our research found that nearly nine in ten (87%) employees in the UK want the ability to work from home at least one day a week.
This isn’t the death of offices, though – going forward the majority of employees hope for a “hybrid working” model, blending remote and office work. Siemens, Nielsen, and Nationwide Insurance are just some of the businesses planning to implement this.
Empowering staff to safely work from any location will enable businesses to cope better during the expected second wave of Covid-19 cyber security attacks.
However, it will also create better businesses, a better society, and ultimately better lives for ourselves, our colleagues, and our families.
Read the latest edition of PCR’s monthly magazine below: