Authored by: Wong Joon Hoong, Country Manager, Sophos Malaysia
Not only has the COVID-19 situation forced many Malaysian employers to set up their employees to work from home, and quickly, it has also highlighted the myriad cybersecurity issues associated with this new norm of working. While organisations scrambled to get on top of this when the Movement Control Order (MCO) was introduced, the new wave of getting people back into the office, will bring new security issues for IT departments to deal with.
KPMG Malaysia reports that 56% of organisations support remote working as the driving factor in ensuring business continuity during these unprecedented times. That said, latest statistics show Malaysia’s cybercrime complaints have increased by more than 90 percent during the MCO period. Thus, as much as remote working limits physical contact, it increases cybersecurity risks and poses major obstacles for organisations.
Remote working uses a decentralised structure, therefore strong endpoint security is essential. Employees working from home in a less formal environment may be more inclined to let their guard down on the security front and click on links they normally wouldn’t in the office. Just one wrong click from an employee may result in serious implications and losses – data, reputation, money – for the business.
Adding to this, many company-issued devices may not have been able to install or enforce software updates, which means an increase in unpatched network devices containing vulnerabilities, exposing organisations to cybersecurity threats. Before these devices re-enter the corporate network, organisations should implement a quarantine network to isolate these devices. The guest Wi-Fi function of the office network makes this easy to execute, while enabling productivity to continue with the added safety of being able to quickly block or disconnect insecure devices.
Many employees working remotely are using their own devices, not company-issued ones, which creates another security blackspot for companies potentially opening unprotected, or easily penetrated, doors for cyber-criminals to enter the corporate network. As such, organisations need to strengthen their internal cybersecurity infrastructures to identify and neutralize evasive threats faster. An endpoint detection and response solution that features a Live discover and response mechanism allows organisations to quickly respond to and resolve any potential cyber issues through one simple panel.
Having the right technology in place is only one part of the cybersecurity puzzle, whether employees are working from home or starting to transition back into the office.
Employees play a huge part in helping to protect themselves and the organisation from cyber-attack – whether working on their own device or on a company-owned one. IT departments must reiterate to employees the importance of upholding strict cybersecurity measurements, which are easily forgotten when working from home or during the novelty of returning to the office. Besides educating employees on cybersecurity best practices and raising awareness for identifying phishing and malicious links, IT administrators should provide easy ways for employees to report cybersecurity issues, such as an easy-to-remember email address.
While, thankfully, the imminent health threat of the COVID-19 pandemic is easing in Malaysia, the cybersecurity issues faced by organisations as a result of having either employees continuing to work from home or starting to transition back into the office, bringing devices with them, must remain top of mind for IT departments. A combination of next-generation security solutions, device management best practice and creating a cyber-aware workforce is imperative for every organisation to stay ahead of the cyberthreats that continue to bombard us during these times.