Remote work carries massive cyber risks. These top IT tips can help keep your workers secure

With the quick shift to remote work, employees found themselves working long hours in hastily thrown together home offices not designed for blocking modern security threats.

As a result, a recent survey indicates that 95% of security professionals are facing added IT security challenges due to the coronavirus. The three leading challenges were the provision of secure remote access for employees – one mentioned by 56% of respondents. Other top challenges included the need for remote access scalable solutions (55%) and remote employees finding and using untested software, tools and services (47%).

Such changes influence the risk posture of the organization, meaning how exposed the organization is to a cyber attack.

Maintaining a company’s previous security policies in this new age of the coronavirus is not viable. Companies must adapt their IT policies as swiftly to keep their staffers secure. In a recent analysis, COVID-19 Risks Outlook: A Preliminary Mapping and its Implications, the World Economic Forum warns, “We should prepare for a COVID-like global cyber pandemic that will spread faster and further than a biological virus, with an equal or greater economic impact.”

Understanding the new landscape of IT security challenges in the COVID-era remote workplace can better help companies protect their workers and their data. Such challenges include:

1. Social engineered attacks exploiting fear, uncertainty and doubt. 'Social engineering' attacks take advantage of workers' natural tendencies and emotional reactions to divulge critical information such as passwords. The pandemic has left employees increasingly vulnerable to these targeted phishing campaigns and malicious websites claiming to offer help and advice.

A recent survey by Check Point showed that organizations were being hit by a ‘perfect storm’ of increased cyber-attacks, while having to manage the massive and rapid changes to their networks and employee working practices during the pandemic.

71% of respondents reported an increase in cyber-attacks during COVID-19. The leading threat cited was phishing (55%) followed by malicious websites purporting to offer information or advice about the pandemic (32%). Increases in malware (28%) and ransomware attacks (19%) have also been noticed.

2. An exponential increase in attack surfaces. With the rush to enable remote access to corporate assets, many companies allowed connectivity from unmanaged home PCs in a shift to new 'BYOC' (Bring Your Own Computer) policies. Many of these home computers lack patches, updated best-of breed anti-malware, etc.

Additionally, mobile devices are now often allowed access to networks, and many apps are moved to cloud for scalability. This gap has created a dangerous opening for hacking and cybercrime. In May 2020, cyber security researchers saw nearly 200,000 coronavirus-related cyberattacks per week.

3. Employees are now their own CISO. With the drastic shift to work from home, living rooms are now part of a company’s perimeter, meaning the company network is borderless with staffers’ children having new access to networks and files. One simple mistake by a child can lead to data ending up in the wrong hands. In this situation, where data is more fluid, and everywhere, the risk of losing it exponentially grows, and can lead to a major breach which may result in bankruptcy or even worse loss of life in case of data alteration in critical infrastructure

Top tips to prevent the next cyber pandemic

The trends of the coronavirus have dramatically changed the way we work, and these changes are here to stay. When we change the way we work, we must adjust how we secure our work. Cyber security strategies must be revamped to meet our new reality.

Here are our top tips:

In times of crisis, companies must be agile and act swiftly. The shock of the pandemic may be fading, but its after-effects are here to stay, and the best way for all of us to stay connected is by being protected. The ‘new normal’ requires us to continue to change and adapt our security to our new ways of working.