Every media report, research paper and press release of the last six months agrees: remote working is here to stay. But what does that mean for cyber security?
As the world of work has become more dispersed, cyber attackers have celebrated the dawning of a new age: one without perimeter firewalls and security teams on-hand for eight hours a day.
The rise of home working has widened the digital perimeter beyond head office, presenting an environment in which criminals - especially those who can leverage social engineering attacks - can thrive.
Home network risks
In the new normal, one mistake can compromise not just a single employee's computer, but an entire corporate network. Insecure home networks and shared devices mean that anyone in a house - not just employees - could expose a business to malware.
Nearly half (47 per cent) of IT leaders agreed that cyber incidents had increased at their organisation since the start of the pandemic.
If you take recent media reports at face value, it might seem that all the threats are outside your organisation; but not according to our research. IT leaders ranked employee behaviour as the number one cause for cyber security concerns in the new normal.
Poorly protected home networks (number two), weak passwords (number five) a lack of cyber risk training (number eight) and the growth of shadow IT (number 10) also appeared on the list.
Meanwhile, phishing, spear phishing, remote meeting software, insufficient means to monitor and manage the IT estate, poor endpoint security, mobile apps, lack of multi-factor authentication, and cybercriminals setting up fake VPNs are said to be the main technology-centric threats or behaviours.
The need to adapt
If organisations fail to equip employees with the right tools, policies, and training, a compromise or breach could bring the whole edifice crashing down.
The lesson is that firms should value security just as much as personal productivity amongst remote workers. Managers and employees need to apply the same sense of personal and collective responsibility to minimising digital risks to the organisation that they have used for limiting the spread of coronavirus.
