WFH cybersecurity best practices are virtually non-existent in 49 percent of businesses. The sudden shift to remote working in early 2020 caught many businesses off guard, with most businesses prioritizing ‘getting things done’ over IT security.
WFH Cybersecurity Threats Continue to Grow
Working from Home (WFH) suddenly became the new normal at the beginning of the pandemic. According to many news articles, WFH adversely affected the cybersecurity practices in the majority of businesses.
For many businesses, especially small and medium enterprises, cybersecurity was never top of mind. The shift to remote working added a layer of complexity to their business, but cybersecurity certainly wasn’t one of those complexities.
As a result, it became the responsibility of individual employees to measure their cyber risk and take their own cybersecurity precautions.
Do They Actually Measure their Cyber Risk?
As employees learned to embrace WFH in early 2020, they increasingly adopted cloud-based apps. Microsoft 365 or Google Cloud for email and productivity, Dropbox for storage, or Canva for graphic design.
Cloud-based services had been changing the software game for almost a decade, but their usage picked up steam in 2020. These services not only improve efficiency, but also reduce operating costs. So much so that 75% of business owners say their reliance on cloud-based apps is growing.
When businesses provide their consent to work with cloud-based apps, employees assume that those apps are secure. They assume that their work is protected, and the assume that their data is not vulnerable to prospective attacks.
That’s where the problem lies. The confidence that any solution is secure.
Sacrificing Cybersecurity to ‘Get Things Done’
As soon as a device joins a new network, like a home network, a new risk is presented. As soon as a user adds new apps to a device, a new risk is presented. Each change presents a prospective opportunity for an attacker to access a device and an employer’s network.
The IT community calls these informal, unapproved additions to an employer’s network or devices “shadow IT”. Shadow IT includes the use of any systems, devices, software, applications, and services without explicit IT department approval.
For those companies without an IT department: shadow IT is the only IT.
A study conducted by Verizon indicated that 82% of companies indicated that within five years their company will rely on more networks it doesn’t own (like home broadband and cellul
ar networks) than ones it does own. The same study indicated 75% of businesses sacrificed mobile device security to meet deadlines and achieve business goals. This in the face of ever-increasing cyber threats.
In parallel to the trend toward shadow networks, 75% of organizations indicated they succumbed to a cyberattack. 53% of companies indicated the consequences of a breach were major.
The business world is experiencing a strange phenomenon: the need to ‘open’ networks up at exactly the moment when networks should be made more secure.
Securing the Hybrid Work Environment
According to Microsoft, the WFH changes introduced by the pandemic brought the world to the brink of a great disruption. The shift to remote work opened a gateway to a new working model: hybrid work.
This blended model expects some employees return to the workplace, others to continue to work from home, and a third group that may work in both locations.
The reality is: the WFH phenomenon is here to stay. 78% of business leaders indicated that WFH would remain high even when COVID-19 infection rates decline and personnel could safely return to offices.
The question becomes: how do businesses secure their networks and allow employees to work remotely?
4 WFH Cybersecurity Actions
Small and medium enterprises may find themselves fretting about risk and remote working. There are small steps that any business can prioritize in order to make it safer to work from home.
- Make privacy a priority.
- Establish a single point of contact for IT decisions.
- Deploy tools to keep your business secure.
- Provide basic training about cyber threats.
Making Privacy a Priority
If your business collects, retains, or relies on sensitive customer data, make data privacy a priority. Any data that can be ransomed is desirable to cyber attackers. Plus, your business might be liable to customer litigation if they suffer from the results of a privacy breach on your network or devices. Making privacy a priority by selecting secure passwords, 2FA and among other security measures establishes a frontline defense against cyber attacks.
Establish a Single Point of Contact for IT Decisions
Even the smallest business can keep a record of the devices, apps and network tools operating in WFH setups. Creating a single point of contact who retains records and provides permissions, can establish a chain of communication should a cyber attack occur.
Deploy Tools to Keep your Business Secure
Many small and medium businesses don’t know that there’s more to cybersecurity than Anti-Virus (AV). There are so many other options to prevent or detect an attack before it steals sensitive data. From VPN tools to firewalls to endpoint security solutions, cybersecurity can get complex.
The most important step to take when deploying security tools is to run updates regularly and monitor detections as they occur. An out-of-date or unpatched tool is as good as no tool at all. An unmonitored tool is a placeholder. Tools only keep a business safe when they are maintained and monitored. If you don’t have the capacity to monitor, find a solution provider who can.
Provide Basic Cybersecurity Training
Every workforce is different. Not every person is digitally adept of technologically savvy. That’s why providing basic cybersecurity education is important. Simple information about what to look for and when can prevent an employee from responding to phishing attempt, or downloading a potentially unwanted program (PuP).
WFH: Keep Your Endpoints Secure
No matter the size of your business or the location your staff is working on planet earth, there’s one fundamental cybersecurity truth: every device is vulnerable to a cyber attack.
The best defense is anticipating and planning for an attack, and deploying a cybersecurity solution capable of identifying strange activity before it becomes problematic. For those businesses without a formal IT staff, a managed cybersecurity solution is key. This way, you can outsource cybersecurity managed and find peace of mind in knowing someone is looking out for your online security.
CYDEF’s managed endpoint detection and response solution, SMART-Monitor, keeps tabs on endpoint and network activity when you don’t have the capacity. Contact us to learn more about how SMART-Monitor compliments your business.