The past year has seen a surge in cyber attacks, but that doesn’t mean that the worst is over. Not only were global economies ravaged by COVID-19 during 2020, but untold damage was done by cyber hackers, who showed they have no ethics or morals and attacked as many institutions as possible, including hospitals and vaccine manufacturers.
As the pandemic is not likely to subside any time soon, and the way of working has changed, people will continue to largely work from home. COVID-19 was the catalyst for a new approach to work: staff are no longer expected to be office bound and are able to work remotely.
This, however, has security consequences and companies are being attacked through seemingly simple, yet vital, business applications such as email, with phishing attacks continuing to be an issue, despite the fact that this is a fairly primitive form of cyber assault.
Spoofing on the rise
Spoofing is also on the rise, with criminals creating fake websites that look like the real thing to entice people to enter login details, which are then taken and used to gain access to key accounts, such as your virtual private network or bank accounts.
Such scams are not likely to decline for the simple fact that people are not interacting face-to-face and are heavily reliant on technology to communicate, which isn’t always sufficiently protected.
For example, many companies may be operating with out-of-date antivirus systems because they simply cannot afford to renew licenses in the current economic climate.
In addition, firms – especially in the small and medium enterprise sector – were simply not prepared for the move to working from home. People needed to optimise workspaces in their homes, and in shuffling the dining room around to turn it into an office, certain aspects were overlooked, such as firewalls.
One security tool that should be implemented as a matter of course is a virtual private network with at least two-factor authentication, where one of the factors runs through a smartphone, as people are unlikely to share that. This will ensure a safe login to a company network, and keep confidential company information a step away from prying hackers.
Investing in endpoint management and tools that assist with vulnerabilities will also provide employees with some level of protection when they are working from home.
Handsets are an easy target
The bring-your-own-device movement may have stalled at people receiving emails on their phone, but the reality is that we can now pretty much work from anywhere from our mobile phones.
We can take part in webinars, have an online meeting, and answer emails while waiting for our car to be serviced at a dealership. Despite being able to be productive from anywhere, most people refuse to accept that they do business on their phones, and have not implemented adequate security measures.
Handsets are an easy target and one that is increasingly becoming attractive to hackers as they can penetrate quite a bit of a company’s business in this way. Smartphones need to be as protected as your laptop is, at the very least.
In addition to basic security measures, companies need to take their staff through rudimentary awareness courses, so that they understand the risks and how to, as far as possible, prevent an attack. Passwords should also expire after 30 days, and employees should be forced to change their entry keys.
Best practices need to be outlined in an up-to-date policy document, and that policy must be applied across the board. No exceptions for anyone, not even the Chief Executive Officer, as this leaves gaps that hackers can penetrate.
And when the inevitable happens, firms need a response and recovery plan that details who is responsible for what action, and how to quickly shut the hacker down with as little damage to the company as possible.
Role of executives
Regular audits to track and report on attempted penetrations should also be carried out. Executives need to know what is going on so they can answer questions, especially from media, and also see how vital IT security is.
There are, however, very simple solutions that can be put into place. One option is to outsource your ICT security to a reputable provider, one who is happy to provide a service-level agreement.
Another is to move as much as possible to the cloud, because this will allow for automated security updates. However, the cloud provider you choose should offer the best security possible: there’s no point in moving to the cloud to solve problems if you create new ones.
Human resources also needs to be as involved as possible. If someone quits, IT needs to know about it so they can prevent the unauthorised removal of key company data, and ensure that the employee leaving cannot access any company files or emails after they have left the building.
2020 was a tough year on many levels, but 2021 is going to be just as difficult when it comes to keeping your organisation safe from hackers. Now is not the time to take any risks or let your guard down, even if business is slower than usual.