Are your remote staff ready for a cyber attack?
The world of work has changed, that’s a fact.
With the pandemic came the need to distance. Businesses both large and small were forced to create new policies and adopt a much more flexible approach to where and how their staff could work. With this flexibility came a new level of risk.
‘The need to have meetings or to share files never went away – the way those things were done had to change.’
Businesses found ways for their workers to access files and data from home. This was a game changer for both smaller startups and bigger companies, but never more so than for employees. Remote workers quickly realised that with this flexibility came a number of benefits – the freedom to work from anywhere in the world, to log on and off at whim, to use the devices they preferred and to have more control over how work would fit in around family life.
We never looked back.
It’s 2023 and hybrid and remote roles have become the norm – but this hasn’t been great for IT teams. Across the globe, IT managers are now coping with the fact that many more employees are now working outside of the corporate firewall – either all, or some of the time. The range of unknown risks that this brings means the likelihood of a breach has also increased. Here are just a few of those risks:
- Increased risk of ransomware attacks
- Increased malware attacks
- Devices being more exposed at home, where others may have access to use them
- IT support not being as accessible when supporting remote workers
- Employees lacking the proper cybersecurity training to act intelligently
- Employees using unauthorised and unmanaged IT tools to share company and customer data
- External collaboration tools not providing adequate cybersecurity (ex: “Zoom-bombing”) Employees not having adequate cybersecurity protections for their personal networks and devices
The list goes on.
Remote employees around the world are working across a range of devices, using a range of SaaS provisions and operating from hybrid locations to stay connected – some regulated…others not. So how can IT teams be sure that remote workers are using the right equipment / tools? Or at the very least, that personal devices have virus protection?
Something as simple as using a device at home and then using it in the office can seem fine if you don’t understand the risks.’
How safe is your BYOD (bring your own device) policy?
In remote and hybrid environments, BYOD policies have become very popular. Unfortunately, for many this has proved a short-sighted approach when implemented without the right checks and measures.
‘During the pandemic, many IT teams admit to de-prioritising security for remote working. Remote workers also admit to uploading corporate data to non-work apps and unregulated personal devices.’
The truth is, ensuring that employees follow protocol requires that they have an understanding of what is required of them, the risks and how to avoid them. It is the responsibility of business owners and decision makers to keep employees informed and safe from cyber attacks. This means that both strategies and budgets need to include strong arming employees with the tools, knowledge and ongoing training to keep themselves and the company safe.
It’s true, there are more immediate measures that businesses can implement to keep their staff and digital assets safer. The two most obvious are:
– Antivirus software for PC AND Mac users
– Implementing remote desktop setup and multi-factor authentication.
To be clear, this is not a complete failsafe – especially when implemented without training employees on what to watch out for and how to handle a breach in real life.
‘Even when organisations utilise multifactor authentication (MFA) protocols, virtual private networks (VPNs), and other mitigation controls, phishing attacks still succeed. ‘
The risks surrounding ChatGPT
As technology advances, our most outlandish tech dreams are being realised in real time. The introduction of AI to the general public – particularly in the form of ChatGPT – has changed the landscape for many. Chat GPT has made it easier and quicker to create copy, content, code and more. But for those in the know, the risks of this are obvious. To those who are keen to commit cyber-attacks, ChatGPT can recreate the right sentences and tone for a sophisticated phishing attack whilst also having the ability to create malicious code in a matter of seconds.
In short, ChatGPT could be upskilling the most amateur of cyber attackers – what is currently a useful tool for business, could in turn be used to create huge risk to the security of those businesses.
“ChatGPT, the new AI sensation, is helping even less skilled cyber threat actors write codes and launch cyberattacks effortlessly.”
People are the biggest risk…
More than ever before, businesses need to have a well thought out cyber security strategy in place – one that caters to the needs of ALL employees. In short: your cyber security strategy should not only be reserved for your IT teams.
Remote employees are prime targets for phishing attacks, mainly because they are often less familiar with policies for things like password resets and help desk support and are likely to use a variety of personal and employer provided devices.
We understand that cyber security programs should address end-user education with security awareness training to reduce cyber threats within organisations. Servnet have partnered with Cybersure to provide this training – a comprehensive resource which includes training employees on how to most securely and compliantly work at home
This training provision includes the following:
- Identifying those employees most at risk
- Providing employees with not only the education required to protect your organisation, but the ability to transfer the skill into their working environment.
- Deploying a number of ‘in-the-wild’ simulations that cater for different scenarios
- Building further intelligence by gathering qualitative feedback from employees throughout and beyond their training journey
- Supporting the ongoing maintenance of employee motivation and proficiency
You can find more information on our cyber security services on our Cyber Security page.