For many businesses, remote working has been a necessity over the past year. But now that we’re seeing the light at the end of the pandemic tunnel, offices are beginning to reopen. While a positive development for everyone, it poses challenges from a cybersecurity perspective that business leaders need to address.
What threats do businesses face with employees returning to the office and how can they be mitigated?
More than half of IT leaders are of the opinion that staff have developed bad cybersecurity habits during the pandemic, which could result in data breaches and infected devices or malware impacting the business. What’s more, 39% of employees admit that they follow different cybersecurity behaviours at home than in the office, which could mean they are bringing these bad habits into work with them.
The dangers of staff ignoring company protocols when it comes to digital security could be incredibly detrimental to the business as a whole. Not only are cybersecurity attacks expensive to fix, with malware attacks costing thousands on average to resolve, but it can be devastating to your business’ reputation too.
Businesses need to reiterate the importance of following strict security practices, both at home or on-site, whether it’s determining which information can be accessed from personal devices, implementing user identity and device trusts, and encouraging staff to change their passwords.
When it comes to security risks, human error is often the weak link. Insider threats are posed to businesses by current or former employees. These threats are not always malicious in nature, but with many organisations forced to furlough staff, cut hours or make staff redundant, there’s a chance that employees may be looking to retaliate through data theft or modification. Whatever the cause, insider threats can result in potential data loss or theft, or unauthorised network or database access.
Leaders need to provide up to date security awareness training for existing employees which should highlight the importance of phishing prevention, changing passwords and the legal obligations regarding data protection. But there’s also a need to review accounts and shared resources if employees have left the company, or review user and activity logs for any irregular behaviour.
Security threats are always evolving, and businesses will need to anticipate new threats as a result of the pandemic. Now that employees are returning to the office, there’s a risk that they will come up against new attack attempts that they’re not prepared for. Remind staff about phishing campaigns and the likelihood of attackers preying on COVID-related anxieties, so that they are aware. Taking time out to provide up to date training can help to re-educate employees and keep the issue at the forefront of their minds.
Attackers seek to garner an emotional response in order to gain access to networks or gather sensitive information and credentials, so staff need to be vigilant for suspicious emails or senders. It’s also important to carry out a business-wide password reset and implement multi-factor authentication for added protection against any upcoming threats.
Part of the reopening process will be undergoing security audits to ensure your business has maintained adherence to compliance standards. Preparation is the key to a successful result, and companies can achieve this by taking a tick box approach to ensure they’re checking off all standards for cybersecurity.
Review the latest compliance standards to ensure that your business is operating as it should and update your security guidelines so that employees can follow the right protocols and security policies. From user account policies and safeguarding measures to your incident response plan and disaster recovery, IT leaders need to review every aspect of cybersecurity within the business to ensure its relevant and current.
For many industries, returning to the office could also be returning to life on the road, such as travelling to client meetings or attending conferences. But cybersecurity doesn’t cease to be important simply because staff aren’t physically in-house, and now that employees are working away from home, the policies your business has in place need to be reassessed. Secure travel behaviours need to be reiterated, such as protecting screens from ‘shoulder surfing’ when they’re working in public, switching off Bluetooth and ensuring they use VPNs to protect the network and data from unauthorised access.
Cybersecurity needs to remain a priority in order to reduce the risk of security breaches, data loss and ensuring your business remains compliant to the relevant standards. From maintaining secure password management, providing up to date staff training to identify threats early on, and keeping security guidelines up to date, there are several ways that businesses can keep cybersecurity a focus during this transitional time.