In March 2020, the UK along with the rest of the world was placed in lockdown due to Covid 19. Businesses sent staff home and in most cases, required them to work from home indefinitely. For some organisations, this shift was a case of moving from occasional to permanent remote working, and with staff already enabled, the transition was less cumbersome. Other institutions on the other hand, struggled with setting up the necessary infrastructure for their employees to work from home.
The supply chain was also negatively affected, with laptop suppliers recording low levels of stock, whereas IT staff struggled to open or manage systems from the personal devices of their workforce.
What to Consider in 2022?
The pertinent thing for consideration for businesses in this period of remote working, is the security implications associated with it. Many businesses in the bid to get people working, are failing to thoroughly check cybersecurity issues for remote workers.
We’ve put together some of the cybersecurity risks businesses have encountered working remotely during the pandemic.
Breaches through personal devices
Pre-pandemic, staff had been working in the office from desktop PCs and simply taking them home isn’t a viable option, as they do not have the space to set them up. In other instances, applications can only be accessed from the office space when close to a server. Hardware shortages as mentioned earlier, have made the purchasing of laptops difficult.
IT staff have had the task of setting up employees with VPNs (Virtual Private Networks) from their own personal devices to facilitate work. This has unfortunately introduced serious security implications for organisations. Anti-malware applications available on work PCs have been absent on personal devices, hence causing breaches.
In addition, the importance of regular updates and secure passwords have been ignored. This has led to the compromise of devices across board, making the installation of dangerous applications prevalent.
As a prevention, organisations moving forward need to assess these risks and understand the threat these devices pose. VPNs from personal devices should also be avoided as they act as an easy barrier for ransomware attacks, leaks, and malware. Confidential data should be encrypted to avoid issues with GDPR and where staff must use personal devices, systems that provide cloud access without data touching the device should be implemented. Microsoft Defender for Business is also another great way of protecting IT systems for malware.
Increases in Shadow IT
Remote working has also increased the levels of Shadow IT. Employees carrying out tasks from remote locations have begun using applications and software not previously approved by their respective IT departments. For instance, team collaboration, screen-sharing and messaging software have been installed by staff with the notion that it would make them work more effectively.
This has however led to increased challenges for IT security, in the form of sensitive data losses and leaks, financial risks and compliance issues, among others.
As a form of mitigation, businesses need to perform a regular audit of applications in use offsite. Thereafter, risky software would have to be removed. Employees would also need to be educated on the threats of installing systems without the prior consent of their respective IT personnel. Staff would also have to be encouraged to be transparent about the software they use. In addition, IT departments would also have to consider secure cloud solutions that would work for everyone. Cloud computing packages also have a variety of benefits that companies can invest in.
Insider risk
This occurs when former employees, employees, contractors, or third-party vendors with inside information about cybersecurity practices, leak data out of the business. The categories can be classified into those with the intention of leaking and those who leak data unknowingly through their negligent work practices.
There has been a huge surge in insider risk during the pandemic as potential malicious insiders working remotely have had access to sensitive large files.
IT wings of businesses need to constantly monitor files and activity across key data sources. They would also have to identify and determine who has access to data to prevent any such threats.
Infinity Group are IT Security specialists, if you are keen to discuss how to tackle the cybersecurity challenges COVID has brought to your business please get in touch with our IT Security team.
About the Author
Tom Lovell
As Chief Technology Officer at Infinity Group’s Innovation Lab, Tom oversees the cutting edge technology that the business creates. He drives creativity and pushes modern approaches of IT support and development.