Keeping your remote workforce secure during the pandemic
Cybercrime is rising sharply as opportunistic and immoral criminals take advantage of the disruption
The Covid-19 pandemic has been the most disruptive crisis to impact business operations since the Second World War, dwarfing the global financial crisis of 2008, the dot-com bubble burst and Black Wednesday in terms of intensity, urgency and severity.
In just a few weeks, businesses have been asked to overhaul operations and implement a 100 per cent remote working model. Employees across the country, many of whom were unfamiliar with video conferencing or cloud-based Software-as-a-Service (SaaS) solutions, are now being forced to use these key applications in order to do their jobs.
Whilst employees get to grips with the new rules of remote working, another threat looms large: the increasing risk of a cyberattack. Centrify's own research has already noted a significant rise in the number of cyber assaults facing organisations, as criminals look to take advantage of untrained and unconfident internet users.
Cybercriminals are immoral and opportunistic, and are taking advantage of the chance presented to them by the influx of remote workers. Consequently, recent polling we conducted during the Covid-19 lockdown has found that nearly three-quarters of business decision makers (71 per cent) believe that the shift to 100 per cent remote working during the Covid-19 crisis has increased the likelihood of a cyber breach.
What's more, the polling also revealed that 46 per cent have already noted an increase in phishing attacks since implementing a policy of widespread remote working. Business decision makers also fear that IT systems are now at increased risk, with over half (56 per cent) saying they believe that privileged IT admin remote access is at risk of a security breach.
This is unsurprising, as phishing and spear-phishing email attacks are some of the most effective methods of cybercrime. Essentially, criminals can use this form of cyberattack to collect valid credentials such as passwords and usernames. Once they have access to a system, they have a number of options available to them. What's more, if they're able to get the credentials of an administrator or other privileged user with far-reaching entitlements, they can move laterally and freely within the network until they find valuable data, extract it, and cover their tracks.
Combatting this growing method of cybercrime with little more than video conference training sessions is no easy feat. In reality, IT managers have no choice but to implement an effective privileged access management solution that will grant the least amount of privilege possible in order to stop criminals in their tracks.
Even before the Covid-19 crisis confined us to our homes, stolen privileged credentials were already one of the most successful forms of cyberattack against businesses.
Responsibility for most of these attacks starts with the employees themselves - many of whom use simple, easy-to-guess passwords across multiple accounts, or fall victim to a sophisticated (or oftentimes, a very simple) email phishing attack. The reality is that cyber-attackers no longer "hack" in - they log in.
Therefore, it is not enough to simply train employees on how to spot suspicious emails, or update software. Decision-makers must introduce a company-wide approach for authenticating users and authorising access based on their identities and confirmed with solutions such as multi-factor authentication.
What this means is that every single login request, or access point, requires multiple identifying factors to be input before a user is allowed access - this will typically require a username and password, as well as inputting a text code, using a hardware card or key, or even using biometrics such as a fingerprint scan.
Particularly in this current climate, it is critical that company leaders assume that all employees are a potential threat, and enforce least privilege: grant just enough access to do a job, just-in-time, for only the amount of time needed. A healthy sense of paranoia is the only way for organisations to properly protect critical data; this means recognising that threats can come from any employee or device, even if they appear legitimate.
Covid-19 has put enough on our plate to worry about, without the thought of a significant breach putting sensitive customer, client or even employee data at risk. Therefore, the safest and most advised route is to invest in cybersecurity software that can help keep the organisation and remote employees ahead of the hackers. After all, for them it's just another day at the office.
Andy Heather is VP at Centrify