The pandemic has changed how many companies operate in a short period of time. Over the last year we’ve witnessed most organizations with office-based workforces having to transition to remote working. Now, with the UK government’s roadmap out of lockdown underway, it is predicted that employers will strive to keep the element of flexibility by moving to hybrid working models.
Remote working has been shown to have many benefits for both employer and employee – some studies show it can have a positive effect on productivity, with employees reporting they are often able to get more done. It is then unsurprising that remote working appears to have increased in popularity over the last year, with a survey in 2020 revealing almost 90% of respondents wanted to continue working from home in some capacity moving forwards.
With many companies looking to keep remote working an option, there are various cybersecurity challenges IT security teams must tackle, without disrupting workers and degrading their productivity. This article will look through some of these challenges and recommend steps business leaders can take to defend their organization against any associated threats.
Collaboration tools: A ticking time bomb?
Remote working means that employees are spread out over several locations, a very different situation compared to the typical centralized office environment. To avoid miscommunication and to make collaboration on work projects easier, organizations have relied heavily on cloud-based collaboration tools such as Slack, Microsoft Teams and Zoom.
The use of Microsoft Teams alone has increased by nearly 900% since the beginning of 2019, whilst Zoom’s revenue soared by 326% in 2020. These third-party applications have quickly grown to define the remote working experience over the last year, with the term “Zoom fatigue” being widely used in reference to the over-usage of that collaboration tool.
Businesses should think carefully about how they utilize these platforms – starting with security. Many of the platforms, such as Microsoft Teams, do not come with built-in cybersecurity features, and don’t provide a way for data to be easily archived. In fact, Microsoft does not provide any guarantee of restorability – if a file is accidently deleted, it’s gone forever. This leaves a big gap for operations that need to ensure that they have a strong archiving strategy in place.
Additionally, IT and security teams must be aware of the vulnerability of these tools to phishing or social engineering attacks. Unlike email, files shared via collaboration platforms cannot be scanned for malicious links or other content. A good example of this is a Microsoft Teams phishing campaign recently discovered by Mimecast which consisted of 772 emails and targeted recipients mainly based in the US. Those targeted were sent fake email notifications asking them to verify their password or telling them they had been added to a project via their Teams account.
Similarly, another Teams attack discovered late last year was estimated to have targeted 15,000-50,000 people by the time it was detected, showing how widespread the problem can get. While collaboration tools are a great addition for businesses who need fast-paced communications, it’s important to remember that without the right security strategy and tools in place, they can easily do more harm than good.
Hybrid working models: Don’t neglect wider cloud security
The transition to remote working has also led to a surge in adoption of cloud infrastructure to help distributed workforces access the corporate network and operate from any location. Yet, a cloud approach should not be considered fit for purpose without relevant cloud security. Business cloud infrastructure left unprotected provides an additional surface area for cybercriminals to attack.
Over the past year alone, we have seen on numerous occasions what can happen if cloud security is neglected or not implemented properly. Numerous household brand names experienced data breaches which compromised customer information on their servers. Effective cloud protection needs to take into account all the devices employees are likely to use to fulfil their duties, including data stored in business’ numerous IoT devices, printers and photocopiers.
As they prepare for hybrid working models to become the norm, businesses need to ensure that their data management guidelines are still suitable to the company’s new working environment, based on the expertise of their IT and security teams. This is crucial during the transition back to the office to redress any risky behaviors employees have been adopting while working from home.
For example, our recent research found that 73% of Britons used their work device for personal use extensively, whilst 60% of respondents admitted their personal use of work devices had risen during the pandemic. Before welcoming employees back into their offices, companies should run state-of-the-art cyber awareness training to help their staff adopt the right behaviors upon their return.
This will reduce time spent by the security team resolving issues that could have been easily avoided and will provide a standard set of good practices for all employees to capitalize on – no matter their level of digital-savvy.
Ultimately, cybersecurity is centered around being prepared, through equipping a business with the right tools to strengthen its defenses. Threats are constantly transforming as criminals become savvier and more organized in their operations and targeting – and this is unlikely to change.
As remote working for some and hybrid for others is set to become a permanent reality, organizations should be proactive in laying the groundwork for these transitions by reviewing their data management and general security policies. Only then can they implement the right tools and training to ensure that their employees become their best assets in the fight against threat actors.