In 2020, businesses had to quickly switch to remote work. After making this change, some companies are now looking at having a virtual workforce for at least the next year, and many are thinking about it for the long haul. However, even with the benefits of remote work, there are also risks, including cyber-security threats.
According to MIT’s Sloan Review, the shift to remote work presents an opportunity to prepare for “the new cyber normal”. While firewalls and other network security concerns are still important, it’s equally imperative to consider the new time and productivity pressures on IT security teams, as well as possible third-party threats from service provider, vendor or client systems.
The number of cyber-attacks is soaring, with complaints to the FBI tripling since the pandemic started. Hackers are finding their way into corporate systems through vulnerable work-from-home setups.
Even more troubling is the increase in phishing schemes. In times of fast change people are distracted and routines are disrupted. It is easier than ever to lure someone into clicking on a link or opening a file, especially since phishing emails ploys are growing more sophisticated.
Hackers have always relied heavily on “social engineering” to trick unsuspecting users into revealing sensitive information. Now that workflows are disrupted, email volume is heavy and even savvy users may be taken in by spoofed messages that appear to be from internal sources.
Because so many threats do arrive by way of phishing it’s important to get staff fully on board with cyber-security monitoring. Organizations need to make sure staff understand their role in fending off cyber-attacks. Employees who are positioned as stakeholders in cyber-security will be a vital part of security monitoring going forward.
According to research, the majority of insider threats against security are not done maliciously, but instead accidentally, due to lack of training. However, given sufficient background knowledge, employees will be the first ones to spot possible incoming threats and report them to the cyber-security team. The goal is to make cyber-security awareness a part of organizational culture, and the key to changing employee behavior is engagement.
Maintaining cyber-security is always a game of staying one step ahead, as risks often evolve as quickly as opportunities do. With a dispersed workforce and new threats evolving all the time, organizations should focus on building an infrastructure for dealing with new threats that will inevitably arise.