Technology departments did serious heavy lifting in 2020 when the COVID pandemic shutdown sent millions of businesses scrambling to set people up with network access, security permissions and proper equipment for home offices.
They struggled to meet computer and peripheral equipment shortages, lack of lead time to procure equipment, and intense demands to educate and train people to use new tools and technology.
Some businesses quickly made the pivot, but many struggled and continue to face unanticipated challenges.
Cybersecurity is often a major blind spot, for example.
In a rush to transition workers to a remote environment, many companies didn’t realize they were potentially exposing themselves to cyber risks in the process, much less equipped with the tools to prevent it. Many overtaxed IT teams lacked the bandwidth to set up a cyber-secure Fort Knox in every employee’s home, nor did they prioritize funding and staffing that they would have needed to accomplish that.
Cyber Complaints Hit New Record
For some companies, that was a big mistake.
Hacking, phishing and ransomware attacks surged during the pandemic as bad actors were laid off from their jobs and had more time on their hands to attempt breaches.
The number of phishing complaints more than doubled in 2020 compared with the previous year, while extortion attempts jumped 76%, according to the Federal Bureau of Investigation’s 2020 Internet Crime Report.
In total, the FBI received a record-setting 791,790 cyber complaints last year, representing a 69% increase over the previous year. Those attacks cost businesses $4.1 billion in losses on top of the damage to reputations, loss of trust and reduced productivity.
How Secure Are You?
So here we are, over a year into this pandemic and just as businesses started to call everyone back to the office, some have already delayed in-person returns as the COVID delta variant causes surging infection rates.
Now is a crucial time to evaluate your long-term technology solutions as your business considers more flexible or hybrid workplace options and determines whether allowing certain employees to work remotely in perpetuity makes sense.
Giving your IT team more support is also critical so they can keep your business’s data and operations safe from cyber threats.
In addition to securing the physical office space and back-end servers and other technical equipment of your business locations, you now need to secure the physical and technical offices for every employee.
A company with three business offices and 250 employees now has more than 500 workplaces to secure between company offices and home offices. Not to mention countless devices and accessories, such as cell phones, tablets, cameras and printers.
All the cybersecurity, data privacy and confidentiality issues you faced before just got a lot bigger and more complex.
What You Should Be Doing
Do you have the proper infrastructure, policies and procedures in place? Probably not.
Conducting an audit of what you’re currently doing allows you to proactively look for holes, weaknesses and oversights that expose your business to risk.
A technology consultant experienced in cybersecurity and data privacy can work alongside your internal IT department on this exercise to create a roadmap and action plan for plugging those holes and ensuring your company is compliant with global, federal and state regulations.
In addition to assessing the security of back-end infrastructures like servers, you must also look at the front-end hardware like desktop and laptop computers and mobile devices.
Keep in mind that some employees may be using personal devices such as iPads or family laptops that present additional exposures. For example, suppose an employee is working on a project with sensitive customer data on the home laptop and is logged into the company’s cloud drive to upload files. In that case, it could pose a risk if they neglect to log out before allowing a teenager to use that same laptop to stream a movie with friends.
An oversight as simple as using the same password for multiple company portals can also pose a risk if that login information is compromised.
Three Major Risks For Remote Work
To create a more secure remote work system, your team should address the following three significant areas of concern: the physical, technical and policy safeguards that are in place.
Physical Safeguards
How are remote workers physically securing company equipment at home or in remote locations? If they are working from coffee shops or co-working spaces, are they securing equipment when they get up to use the bathroom or take a lunch break?
How are remote workers securing printed company and customer information at home or remote (e.g., locked file cabinets)?
Do non-employees (e.g., family members and friends) share computers or other devices that employees use for company business, and how are those devices secured?
Are employees properly disposing of printed materials, including confidential company, customer or client data/information at home or remote (e.g., with a paper shredder)?
Technical Safeguards
Do your company-supplied computers have the necessary security protections (e.g., anti-virus, patch management) and receive automatic updates?
Are your employees using unsecured personal computers and mobile devices to access your company networks and company information?
Are all PCs, laptops and other mobile devices encrypted?
Is multi-factor authentication deployed?
Are home routers and networks secure, including passwords and encryption?
Policy/Administrative Safeguards
Does your IT department have the right policies in place to specifically address the unique considerations of remote working?
Are you providing mandatory security awareness training?
What is your employee security hygiene? Do you have security practices that might lead to inappropriate access by family members (e.g., failure to log out, improper disposal of confidential materials)?
Do you know what unauthorized downloading of company and customer information is happening remotely?
Do you have appropriate policies in place for subcontractors and vendors with access to your network, servers, cloud storage and other files?
Do you have incident response plans in place for a remote breach?
Do you have sufficient cybersecurity insurance and coverage?
Reassessing your security protocols for a sustained remote work environment before a crisis or breach occurs is the best way to prevent those attacks in the first place.
Whether employees are working from company offices, home offices, coworking spaces, coffee shops or other locations, you have a responsibility to protect the security of the business and sensitive customer information. An experienced team of IT consultants can guide your company through an audit to uncover and close potentially risky technology gaps as we enter a new era of work.
Comments