Authored by: Jacqueline Jayne, Security Awareness Advocate, KnowBe4
The outbreak of COVID-19 saw nearly every organisation across the world shift their people to remote work. This revealed the unpreparedness of the majority of organisations when it came to their cybersecurity practices or lack thereof. The requirement for remote working has continued in 2021 with many organisations introducing a slow return to the office, a split between home and the office or a situational location-based working environment.
When you are working without your IT support team down the hall or a colleague sitting next to you to check in with, a suspicious email received at home seems different somehow. Without the necessary cybersecurity education and awareness, organisations are unwittingly making it easy for cybercriminals to take advantage of the path of least resistance and increase their chances of successfully and illegally gaining entry to their systems.
According to a recent study conducted by cybersecurity firm CrowdStrike, threat activity throughout its customers’ networks has shown more intrusion attempts within the first half of 2020 than in all of 2019. This is a clear indicator that cybercriminals know that their opportunities have increased with people working remotely.
In 2020, organisations focused on productivity, managing their people remotely and keeping up engagement, and they seem to have forgotten about cybersecurity, a pattern that continues into 2021. Here are three reasons why this is a red flag:
1. WFH employees aren’t thinking about organisational security
Your average remote worker is sitting at a makeshift desk, trying to balance helping their kids with homeschooling, attending online meetings themselves, and learning new digital workplace platforms, applications, and processes before they even shower for the day. Security is the last thing on their mind.
2. Cyberattacks focus on employees as targets more than ever
Phishing (malicious email) remains the single most-used attack vector for cybercriminals, giving them direct access to your organisation's endpoints, credentials, applications, and data.
In a recent Stanford & Tessian report on the Psychology of Human Error, it was found that 88% of data breaches are caused by human error. It therefore stands to reason that an organisation would significantly reduce its risk by taking its people through an ongoing, relevant and engaging security awareness program that provides an opportunity for simulated social engineering to check their learning.
3. Attacks and scams are increasingly aligning with remote working
Cybercriminals conjure up scams that seem familiar to users. The use of shipping, billing, and banking stories, as well as the use of impersonated domains, businesses, and people, has traditionally worked in their favour. New scams are being moulded around the current work circumstances. For example, we saw massive growth in Zoom-related attacks simply because of Zoom’s increase in popularity for business use in 2020.
In this alternate universe of work scenarios, we need to acknowledge that people not only need to work differently from the in-office ways used just a few months ago, but that we also need to secure our organisations differently by putting some of the cybersecurity responsibility onto the user.
When the shift to remote work happened, we can confidently say that people were provided Work Health Safety checklists for setting up their working-from-home desk. I wonder how many people were provided with a Cybersecurity Safety checklist for staying cyber safe at home?
Our interactions online have increased tenfold in 2020, thanks in part to COVID-19, which means the risk of falling victim to a cyberattack has increased just as much. Staying safe online can at times seem too hard and, as humans, we believe that it won't happen to us. It's not a matter of if, it's a matter of when.