By Marc Botham, VP of WorldWide Channel & Alliances, Avast
The cybersecurity landscape
When the Covid-19 pandemic began, every business that could pivot to remote work to continue operations did so. Even industries such as education, healthcare, and manufacturing found ways to shift traditionally on-premise workforces to a work-from-home model.
After a year of remote work, many organisations have come to realise that not everyone has to be physically in the office during all work hours, making way for so-called “hybrid working”, enabling employees to carry out their workdays between the office and their own home. A recent Gartner survey reported that 82% of companies plan to allow employees to work remotely at least part of the time after the pandemic, and 47% will allow their employees to work remotely full time going forward.
The pandemic is a boon for cybercriminals, too
While this hybrid-work business offers clear benefits to employees, from flexibility to reduced time commuting, it also presents challenges for business security. While businesses pivoted to hybrid working models, cybercriminals moved faster to exploit new vulnerabilities and risks introduced by employees shifting from a secure workplace to an unsecured home, putting the security of corporate and personal information at increased risk.
To put the changing threat landscape into context, according to the latest Avast Global PC Risk Report, the overall chance of business users encountering a cyberthreat has increased worldwide year over year by 24% from 11.25% in 2020 to 13.9% in 2021. The report also found that business users have a 2.29% chance of encountering an advanced threat (it was 1.98% in the previous year). An advanced threat is a threat by a sophisticated attacker like those we saw in the Colonial Pipeline and Kaseya ransomware attacks earlier this year.
The reality is, hybrid working offers cybercriminals a whole new avenue of opportunities to exploit vulnerabilities of a weakened cybersecurity posture. With remote working, employees often take their company devices into their home or into public areas. Unlike enterprise-grade network infrastructure, the home network set-up is far less sophisticated in protecting against threats, leaving companies at risk of sensitive information being breached and employees at risk of devices being hacked. Likewise, businesses that adopted or plan to adopt new technology to deliver virtual services, enable remote employee communication and collaboration, support customer needs as business is conducted virtually, or handle other essential capabilities, should be aware these tools also expand the attack surface and increase cybersecurity risk.
Modern security for hybrid working
To protect your business from this growing threat landscape during the pandemic and beyond, companies must replace outdated security models and advice with modern security approaches fit for the future of hybrid work. There are few key actions that any business should take when making the shift:
- Get the basics right: Make sure your employees have the right the equipment and a good internet connection in their home offices
- Assess Risks: Carry out a full risk assessment of their home set-ups and try to see around corners to troubleshoot
- Install cloud-based cybersecurity: After assessing risk, ensure all employees and devices are secure outside of the office – one way to do this is with cloud-based cybersecurity solutions that protect against new and evolving threats in real time
- Keep systems and applications up to date: Hackers love capitalizing on unpatched software. Stay ahead with a patching solution that vets, automates, and deploys patches so you don’t have to
- Maintain quality support: Identify new support needs, such as video calling and messaging apps
- Bolster IT support services: Whether employees are in the office or at home, there is always likely to be technical issues along the way, IT teams will need to be responsive in real-time to deal with any challenges
- Develop a security first culture amongst employees: Ensure employees are mindful of the devices they’re using to access confidential work data. If for whatever reason employees have to use their personal devices to access work emails or files, they need to understand the risks, and should download mobile antivirus programmes to help them falling victim to malicious actors. If you must carry your devices with you, consider the risks of losing them and prepare for it. Encrypt confidential data to safeguard it.
Preparing for the future
As the remote workforce grows, unfortunately so do the security implications. Over the next 12 months, employees will continue to access corporate networks and the internet from home offices or locations “on the go,” and use a combination of personal and business smart devices. Together, his creates massive opportunities for cyber criminals to gain access via outdated software, unsecure routers, weak passwords, misconfigured cloud apps, human error, and more. Organisations must secure remote workers and devices wherever they roam. The same security posture they have in their office environment needs to be applied to remote workers and implementing that is one of the biggest challenges they face.