When the Security of Your Own Home Isn't Enough

2020 has brought about a whole new range of challenges for companies. A key shift was the sudden change to homeworking. With this decision being welcomed by many employees - 98% of people would like to have the option to work remotely for the rest of their careers – many organisations were not equipped to continue operations normally without major changes. On top of that, cyber criminals then took it upon themselves to target home workers, adding further worries of cyber security to companies already under strain. What does the current threat landscape look like and how can companies achieve security in a hybrid workplace?

With just under a 20-fold increase in malware since lockdown began, it’s unsurprising to note that 46% of organisations across the UK, US, France and Germany have suffered at least one “cybersecurity scare”. Though unsurprising, this is still troublesome as due to the nature of the environment, many employees have had to use personal devices or networks which means that the organisation’s IT department has little oversight of the hardware’s security. Cyber criminals are aware that numerous organisations are now susceptible to a range of risks, including insecure Wi-Fi connections, potentially vulnerable software and credential-stuffing attacks.

In fact, 51% of organisations have recorded an increase in phishing attacks since the lockdown began. Phishing attacks are a type of social engineering, often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted contact, dupes a victim into opening a message, whether that’s email, text, instant message etc for their own gain. With communications having become more online, employees are more used to requests being sent via message in one format or another. Therefore, these phishing attacks seem less out of place and more likely to be successful. Furthermore, phishing email attacks related to Covid-19 increased by 600% in the first quarter of this year. They played on created panic and urgency for recipients, encouraging them to provide passwords on malicious domains.

With homeworking comes collaboration tech services. The likes of Teams and Zoom have been so useful to keep companies connected – Teams alone has increased their user base by 500% alone making this type of technology a hotspot of activity. The hubbub and communications have been noticed by cyber criminals, with a whopping 630% increase in attacks against these tech collaboration services. Perhaps predictable, Zoom’s latest security incident resulted in half a million account details listed for sale on the dark web.

This huge increase in cyber crime has certainly not gone unnoticed. The NCSC (National Cyber Security Centre) has also taken down more than 2,000 coronavirus-related scams since the pandemic began. So how can business' ensure they stay protected and compliant with regulations?

• Endpoint security is a critical concern for business leaders, because most of the compromises and infections happen at end-user devices making endpoint security vital in securing a company. Endpoint security protects entry points of end-user devices such as desktops, laptops, and mobiles from being exploited by criminals. Endpoint security systems guard these endpoints on a network or in the cloud from threats. It has grown from traditional antivirus software to providing comprehensive protection from sophisticated malware and evolving zero-day threats.
• Communication with employees is key. Employees can be the weakest point in a company from a cyber security point of view with phishing attacks on the rise, but with education they can be your strongest protection. Update your employees with the latest knowledge, let them know what scams are present and how they can flag them to the rest of the business. Furthermore, protect systems that are used for daily communications such as emails...
• Email security offers a strong first layer protection to avoid infected emails, or phishing emails even reaching employees. Technologies such as Mimecast will strip emails of malicious content so even if they are clicked, there is nothing to infect the systems with. This technology can be fully customised whereby admins create rules and set up monitoring to ensure they have full vision of company IT from a security standpoint. Very important when employees are scattered in various locations.

An MSP such as SysGroup will help you to ensure daily business activities work with your security needs. 24/7 monitoring by a UK based helpdesk ensures that someone is constantly watching over the safety of your business and should the time come where a threat is present, prompt and swift action can be take to resolve the problem.