The transition into permanent remote working is inescapable now. Countless articles, morning talk shows and widely-shared social media polls have all indicated this irreversible trajectory. There is simply no recourse to ‘un-ring that bell’. What may have started off as a necessity to adhere to social distancing regulations is progressively becoming a preference, a lifestyle choice and the norm for swathes of the British workforce. Large corporations, from Facebook and Google to Capital One and Paypal, have broadened their work-from-home options and so too have small and medium sized enterprises: 43% of UK SMEs shifted into remote working within a week of lockdown measures being implemented in Britain. Moreover, nine in 10 employees wish to continue this arrangement post-lockdown. SME owners are likely to concede too, with 57% already considering remote working options in the long term.
Across the globe, employees and employers alike are recognizing the possible benefits that this new working environment offers. Chief among these, is the substantial reduction in costs. Businesses no longer have to spend a stupefying amount on office rent, and employees can swap cramped and overpriced flats in the city for affordable housing elsewhere; potentially even helping to add a new lease of life to the UK’s chronically underfunded regions. Long gone are wasted hours spent on long commutes, and for the most part, we are working a lot more productively. It is by and large a win-win situation for both parties.
The challenges of cybersecurity
As with any novel undertaking, however, a new set of challenges are beginning to present themselves. In this case, these challenges center greatly on cybersecurity. With the switch to remote working, a number of risks have emerged. For instance, one common mistake businesses make is leaving personal devices unsecured. Understandably, most cannot afford to provide each of their employees a corporate device decked out with the latest security software. Rather, they are required to trust that their employees abide by the same security protocols as they would in the office. Unfortunately, evidence has shown this to be a risky move, with home office networks being 3.5 times more likely than corporate networks to be infected by malware.
Often, employees do not adhere to the security protocols simply due to a lack of knowledge of the threats, which failure to comply can leave them vulnerable to. The move to remote working was so necessarily abrupt that many businesses did not have the time to implement clear policies and procedures, leaving employees to improvise. This creates a ‘perfect storm’ scenario for cybercriminals. We have already seen a recent ramp up in malicious activity: VMWare’s ‘Global Threat Report’ discovered that 91% of global respondents saw an increase in cyberattacks as a result of employees working from home.
From duping employees through phishing emails purporting to offer the latest coronavirus update to exploiting overburdened VPNs, bad actors are keeping a keen eye on our vulnerabilities to leverage these for their personal gain. So, what are some simple steps that businesses can take to improve their security posture?
Setting cyber hygiene standards
First and foremost, businesses need to set out a clear and easy-to-follow list of policies, as it is near impossible to correct harmful behaviors if people do not know what is or is not harmful in the first place. Alongside this, a company-wide culture of open communication needs to be fostered whereby employees can freely ask questions, and raise concerns or highlight suspicious activity to their security team.
Next is through meeting basic cyber hygiene standards. This includes ensuring all employees have installed an antivirus software, that they frequently update and patch their devices and employ network firewalls. Most importantly, employees should be taught to use complex passwords. Moreover, these should not be reused across accounts and a policy should be put in place to have these passwords changed on a regular basis. The easiest way to support employees with this is through having them adopt a password manager.
Reducing the threat of cyberattacks
Finally, businesses and employees working on home networks remotely would do well to secure their Wi-Fi access points by changing the default settings and passwords on a router to reduce the possibility of an attack from connected devices.
All of these security measures are laid out by the UK government in the Cyber Essentials scheme, which according to research by the University of Lancaster, has been found to mitigate 98.5% of cybersecurity risks. By following the process, businesses not only improve on their cyber readiness but can receive certification to demonstrate this to potential associates and customers as well.
SMEs typically lack the budget, expertise and resources to deal with cybersecurity on a good day. Now, many are compelled to do so whilst navigating an unprecedentedly tough economic climate, the ever-changing guidance issued around the Covid19 pandemic and a rapidly expanding threat landscape. While these steps may seem straightforward on paper, they can become quickly time-consuming and overwhelming. As such, SMEs should endeavor to find an understanding and compatible technology partner who can efficiently guide them through their journey to becoming cyber secure.
- Jamie Akhtar, CEO and co-founder of CyberSmart.