Are your remote staff ready for a cyber attack?

/0 Comments/in /by

The world of work has changed, that’s a fact.

With the pandemic came the need to distance. Businesses both large and small were forced to create new policies and adopt a much more flexible approach to where and how their staff could work. With this flexibility came a new level of risk. 

‘The need to have meetings or to share files never went away – the way those things were done had to change.’ 

Businesses found ways for their workers to access files and data from home. This was a game changer for both smaller startups and bigger companies, but never more so than for employees. Remote workers quickly realised that with this flexibility came a number of benefits – the freedom to work from anywhere in the world, to log on and off at whim, to use the devices they preferred and to have more control over how work would fit in around family life. 

We never looked back.

It’s 2023 and hybrid and remote roles have become the norm – but this hasn’t been great for IT teams. Across the globe, IT managers are now coping with the fact that many more employees are now working outside of the corporate firewall – either all, or some of the time. The range of unknown risks that this brings means the likelihood of a breach has also increased. Here are just a few of those risks:

  • Increased risk of ransomware attacks 
  • Increased malware attacks 
  • Devices being more exposed at home, where others may have access to use them 
  • IT support not being as accessible when supporting remote workers 
  • Employees lacking the proper cybersecurity training to act intelligently 
  • Employees using unauthorised and unmanaged IT tools to share company and customer data 
  • External collaboration tools not providing adequate cybersecurity (ex: “Zoom-bombing”) Employees not having adequate cybersecurity protections for their personal networks and devices

The list goes on.

Remote employees around the world are working across a range of devices, using a range of SaaS provisions and operating from hybrid locations to stay connected – some regulated…others not. So how can IT teams be sure that remote workers are using the right equipment / tools? Or at the very least, that personal devices have virus protection?

Something as simple as using a device at home and then using it in the office can seem fine if you don’t understand the risks.’

How safe is your BYOD (bring your own device) policy? 

In remote and hybrid environments, BYOD policies have become very popular. Unfortunately, for many this has proved a short-sighted approach when implemented without the right checks and measures. 

‘During the pandemic, many IT teams admit to de-prioritising security for remote working. Remote workers also admit to uploading corporate data to non-work apps and unregulated personal devices.’ 

The truth is, ensuring that employees follow protocol requires that they have an understanding of what is required of them, the risks and how to avoid them.  It is the responsibility of business owners and decision makers to keep employees informed and safe from cyber attacks. This means that both strategies and budgets need to include strong arming employees with the tools, knowledge and ongoing training to keep themselves and the company safe.

It’s true, there are more immediate measures that businesses can implement to keep their staff and digital assets safer. The two most obvious are:

 – Antivirus software for PC AND Mac users

 – Implementing remote desktop setup and multi-factor authentication.

To be clear, this is not a complete failsafe – especially when implemented without training employees on what to watch out for and how to handle a breach in real life.

Even when organisations utilise multifactor authentication (MFA) protocols, virtual private networks (VPNs), and other mitigation controls, phishing attacks still succeed. ‘

The risks surrounding ChatGPT

As technology advances, our most outlandish tech dreams are being realised in real time. The introduction of AI to the general public – particularly in the form of ChatGPT – has changed the landscape for many. Chat GPT has made it easier and quicker to create copy, content, code and more. But for those in the know, the risks of this are obvious. To those who are keen to commit cyber-attacks, ChatGPT can recreate the right sentences and tone for a sophisticated phishing attack whilst also having the ability to create malicious code in a matter of seconds. 

In short, ChatGPT could be upskilling the most amateur of cyber attackers – what is currently a useful tool for business, could in turn be used to create huge risk to the security of those businesses. 

“ChatGPT, the new AI sensation, is helping even less skilled cyber threat actors write codes and launch cyberattacks effortlessly.”

People are the biggest risk…

More than ever before, businesses need to have a well thought out cyber security strategy in place – one that caters to the needs of ALL employees. In short: your cyber security strategy should not only be reserved for your IT teams.

Remote employees are prime targets for phishing attacks, mainly because they are often less familiar with policies for things like password resets and help desk support and are likely to use a variety of personal and employer provided devices.

We understand that cyber security programs should address end-user education with security awareness training to reduce cyber threats within organisations. Servnet have partnered with Cybersure to provide this training – a comprehensive resource which includes training employees on how to most securely and compliantly work at home

This training provision includes the following:

  • Identifying those employees most at risk
  • Providing employees with not only the education required to protect your organisation, but the ability to transfer the skill into their working environment.
  • Deploying a number of ‘in-the-wild’ simulations that cater for different scenarios
  • Building further intelligence by gathering qualitative feedback from employees throughout and beyond their training journey
  • Supporting the ongoing maintenance of employee motivation and proficiency

For more information on how Servnet can work with your business, get in touch.

Cyber crime: keeping your business one step ahead

/0 Comments/in /by

Cyber criminals don’t logon and clock off between the hours of 9-5. Data threat / loss can arise at any time of the day or night – which means that the best type of security is 24/7 and ever evolving. At Servnet we take the risk to your data and systems extremely seriously, we understand and constantly assess this risk so that you don’t have to. Our job is to keep you one step ahead and to provide a full service in the case of a disaster. Here’s how we keep your data safe:

  • Primary data is replicated and held by a disaster recovery service provider in a different location
  • Regular data snapshots are included so that there is no data loss during failover.
  • This switch is swift and responsive, helping to preserve the kind of business continuity that is vital to ongoing operations – avoiding downtime is the primary goal.
  • Once the disaster event has passed and access returns to the primary site. Primary data replication begins again immediately so that there is no drop in protection should another problem arise.

‘Servnet disaster recovery response is swiftly implemented and ensures that your business has the support it needs to achieve continuity.’

 

I’m not a bank or a large company, is my business really at risk?

Any business, regardless of the industry, is at constant risk of a cyber attack. Some industries are more vulnerable to cyber attacks than others, simply due to the nature of their business. That said, if you have data then you could be subject to a data breach – it’s that simple. Data is a valuable asset to cyber criminals and they will go to great lengths to access yours. It’s not just credit card information – health records, intellectual property, financial records, academic research and of course names, addresses and billing information is just a fraction of what cyber criminals will attempt to gain access to.

‘At ServNet we offer a range of detection services including a vulnerability assessment, Cyber-Security Threat Detection and Vulnerability Assessment, Penetration Testing, GDPR – Portal Assessment, Phishing Awareness. Cyber Essentials Assurance & Compliance.’

 

I’m a victim of a cyber attack, what do I do now?

Prevention is always better than a cure – this should be the approach you take to protecting your business from cybercrime. Forward planning and creating a robust process of assessing, planning and implementation of the tools required to protect your organisation against attack is key. In the event of a successful attack, where data has been breached and/or your systems compromised, having backup and recovery can mean the difference between a disaster that can be rectified and one with everlasting repercussions. Where there has been a breach, Servnet can deploy and manage advanced data recovery 24/7, enabling your organisation to be responsive to ongoing security challenges that require immediate action. Our experience covers more than three decades and includes working with leading providers.

‘We provide total peace of mind in the event of a disaster, enabling rapid recovery of physical and virtual machines; plus, essential business continuity testing on-demand. If your business is facing a potential disaster event, Disaster Recovery as a Service ensures that you have the interests of employees, customers and stakeholders covered.

Contact us for a free cyber review.