Are businesses prepared for the ‘return to work’ security risks?
Why putting measures in place to keep data safe as employees rejoin their company’s network should be a number one priority.
By Stephen Burke*
As lockdown eases, many businesses are preparing for employees to return to work. But are their corporate networks ready, with adequate security measures in place to protect their systems from the increased risk of a cyber attack that comes with staff and their equipment having worked from home?
Cyber criminals are well aware of employee environments, and will target cyber attacks at areas that have become vulnerable. We saw this with the spike in phishing attacks themed around working from home, and it will continue to evolve as workforces change their work practices once again.
When remote working descended upon the nation strong and fast earlier this year, some organisations were able to issue company standard devices with regularly patched antivirus security. However, for the majority, there was a frenzy to equip their staff with the required machines to enable a quick and adequate ‘working from home’ set-up. As we now raise our heads above the parapet, we are seeing an abundance of employee hardware that lacks the necessary security and is about to connect to the company’s corporate network, risking sensitive data being exposed to a cyber attack.
Computers used for remote working are likely to have confidential company data stored on them and to have been shared with family members, who may for example have visited insecure websites or installed insecure software, with no guarantee that the machines have been patched and maintained over these recent months. The big question is: can these external devices be trusted back on to the corporate network?
Businesses need to carry out risk assessments and put best practices in place before their networks are exposed. Firstly, staff need to share where company data has been saved and under which accounts, whether work or private credentials. Was it a public cloud environment like Google Drive, OneDrive or Dropbox? This all needs to be disclosed to minimise risk, ensure data is safe and GDPR compliance is maintained.
Secondly, if employees have been sharing the devices with members of their household, have they given away their password? Is the password the same across work accounts and personal accounts? What new software has been installed or removed and by whom? Were there any security warnings such as viruses being detected by anti-virus software? Has any confidential paperwork been printed at home and has it been shredded or dropped in the bin? Where employees have access to sensitive information, questions need to be answered before they rejoin an organisation’s network.
If a company allows all machines back onto its corporate network, it will need to rely on network monitoring and, most critically, it will need to monitor the activities of the people within the network. It is the people who pose the greatest business risk if they do not have ongoing support in terms of cybersecurity awareness training. They are operating from within a company’s network on a daily basis, sending and receiving data through a multitude of access points. If left untrained, employees are a hacker’s haven, an easy access point to the entire network, bypassing any technological measures in place to keep attackers out. If trained, employees are your greatest line of defence – your Human Firewall.
There are various types of cybersecurity awareness available, but the ideal is to combine interactive cybersecurity awareness training content with a software solution that works hand in hand with your company’s IT infrastructure. Cyber Risk Aware offers “real time” intervention training, which identifies where employees are making mistakes and sends focused training material to help improve their behaviours, saving both money and time. Building a Human Firewall is the biggest defence against cyber attacks.
About Cyber Risk Aware
Operating out of London and Dublin, Cyber Risk Aware is the only company in the world to offer real time cyber security awareness training. Its platform leads the industry helping companies worldwide assess the level of human cyber risk in their business, by running real time simulated phishing attacks and cyber knowledge assessments to see where the risks lie in their business (user, department, office, country). Cyber Risk Aware is Microsoft Azure’s only Security Awareness Training Platform and is fully integrated with MS Azure’s Security Suite and Active Directory Environment.
Cyber Risk Aware also provides highly engaging and interactive CyberSecurity Awareness Training content and enterprise risk and compliance reporting so companies can demonstrate and meet their legal and regulatory compliance requirements in protecting proprietary and personal data, systems and finances. Cyber Risk Aware is the first company in the world to achieve GCHQ accredited security awareness training by the Chartered Institute of Information Security.
Thousands of companies use Cyber Risk Aware to provide a front line of defence against cyber criminals, significantly reducing the material risk of employee error via phishing, ransomware, CEO Fraud and Malware attacks.
About Stephen Burke – CEO and Co-Founder Cyber Risk Aware
Stephen founded Cyber Risk Aware in 2016, after a career spanning over 20 years in technology and security specialising as a CISO. In that time he found that most if not all security incidents are caused by human error at all levels in an organisation, no matter how good the technical defences were. Stephen founded Cyber Risk Aware with the mission of making a genuine difference and helping companies and users at home avoid becoming victims of cybercrime.
Specialities: Security Education and Awareness Programs, Cyber Insurance, Network Security, Data Governance and Security, Malware Investigator and Incident Response, Risk Management, Security Behaviour Analytics, Security Architecture, Heuristic Security, Security Audit, Digital Forensics, Penetration Testing, Encryption, Wireless security, Security management, Database as a Service, Internal Cloud Design, SAN Design, RDBMS Virtualisation and Consolidation, Disaster Recovery.