COVID-19 has revolutionized how we conduct business operations in unprecedented proportions. We talked to a few stakeholders in cybersecurity, one of the most affected areas, and here's what they had to say...
When the pandemic hit early this year, IT experts predicted two possible scenarios. The first was a sharp contraction in transactions across all industries because most companies would be forced to close down for safety reasons. At the other end of the spectrum, businesses would promptly adapt to the new challenges and integrate IT to enable their staff to work from home. The latter, which would see organizations adopt a mobile workforce to sustain basic operations, has since become the new normal. It has saved many firms from losses and total collapse. However, it also has its drawbacks, especially on cybersecurity issues.
How Does a Mobile Workforce Pose a Security Threat?
With this work-from-home business model, there's the challenge of safeguarding corporate networks from intrusion. As of April, cases of cyberattacks were already up by 37 percent. Cybersecurity specialists primarily attributed the increase to workers using unsafe PCs in unprotected home work-environments. In response, several executives decided to allow their staff to carry in-office computers and other devices home. This move has since elicited mixed reactions.
Is It Appropriate for Employees to Operate Remotely Using Work Gadgets?
Guy Baroan (Baroan Technologies) thinks that "This should definitely be encouraged." Why? Because having a business-provided computer means that it will be more protected through the local IT group and only have the business software on it. Typical home devices have multiple users, from kids to parents and even guests. Besides, they often do not have the same level of protection as in-office systems.
If the remote user were to access corporate networks via home devices, this would expose the organization's systems to an array of unchecked threats. This, according to Baroan, makes it "better to have the employees bring their computers from the office." His sentiments are echoed by Mike Shelah (Advantage Industries), who adds that using company-owned computers "assures regular updates and forces the end-user to access private data via encrypted VPNs."
When using company-given gadgets, it's still critical to implement standard cybersecurity protocols. Ironically, we found out that 34% of businesses disregard primary measures like staff phishing training and 2FA, even during COVID-19. Mike Shelah thinks that the percentage could be higher. He blames this on the organizations imagining that they are too small to be targeted simply because they haven't been attacked before. The truth is that everybody is a potential target. To be safe, each company must have elaborate preventative measures and fast-response protocols.
What Are the Most Crucial Cybersecurity Measures for Small- and Medium-Sized Enterprises?
- Use of VPNs: According to our data, the most prevalent cybersecurity protocols among small- and medium-sized businesses are enterprise VPNs and secure Wi-Fi networks. Why are these safety measures critical to the companies' cybersecurity? It is essential that if there's a need to connect remotely to the office over a wireless network, it should be locked down and adequately encrypted. If the connection is not well-secured, anyone using it can snoop and capture your staff's credentials or the company's confidential information. That's why cybersecurity experts like Guy Baroan insist that every firm should leverage VPN services to secure their wireless connections and Wi-Fi networks.
- Phishing Training: Research by Pensar shows that 95 percent of successful cyberattacks stem from phishing scams. The same report indicates that 53 percent of business leaders and 45 percent of employees lack basic training on phishing and cybersecurity risks. Even the least practical cybersecurity awareness training can reduce incidences of breaches by up to 70 percent. A well-done training program includes pre-assessment to identify weak points and cybersecurity literacy lessons on proactive and reactive measures. Most service providers have now integrated simulated phishing attacks to test levels of preparedness.
- Two-Factor Authentication: Doug Smith (BlueHat Cyber) asserts that besides 2FA's security benefits, it is also popular because of its "ease of implementation, use, and management." 2FA is an additional layer in the access verification process. If bad cyber actors steal your login credentials, they still need physical devices like phones/tokens to enter your network. Progressive AD MFA protocols even allow administrators to deny or allow access privileges directly from the console.
Health authorities have warned of a second wave of COVID-19 that could be even more severe. Some say the disease is here to stay, and we must learn to survive with it. What this means is that cybersecurity stakeholders must re-imagine how they approach the protection of corporate networks. They must have long-term strategies to secure remote work environments because the mobile workforce is here to stay. For organizations to survive, they have to align with this new way of doing things.
See Campaign: https://www.msptechnews.comContact Information:Rick Martin
MSP Tech News