We are living in a time of constant change. The end of the pandemic is on the horizon, people are returning to work in offices across Ireland, and a return to life as normal seems to be a real possibility at last.
Many businesses will continue to operate on a hybrid work model, allowing their employees to work from home some of the time – but what are the security implications of this?
Remote and hybrid working models pose some worrying risks when it comes to cybersecurity. At home, employees do not have the same levels of network protection that they would have in the office.
According to Microsoft, 36% of employees have backed up corporate data to their personal devices. They may also be connecting to their home and work networks on the same devices without following proper security procedures, which can leave the organisation’s network vulnerable to attacks.
On top of all this, there is also the ever-present threat of a breach from within.
In 2020, Microsoft reported that 76% of Irish business owners were worried to some degree about their employees exposing the company to digital security risks. Although this is something no business owner likes to think about, the reality is that any one of your employees could be the weak link in your cybersecurity chain.
We often hear of cybercriminals infiltrating organisations from thousands of miles away, but security threats can also come from within the network.
While malicious attacks often do originate externally, business owners also need to be vigilant against ‘insider threats’. These can include employees, both current and former, or anyone with access to systems and data that could potentially compromise your security.
Insider threats can be malicious and intentional, perhaps coming from a former employee who believes they were unfairly dismissed, or from a current employee who’s identified a weakness in your network infrastructure and sees an opportunity to make some money.
None of this is pleasant to consider, but the risk, unfortunately, is too great to overlook.
Insider threats can also be entirely innocent, stemming from carelessness or a lack of basic cybersecurity knowledge.
Even with a firewall, antivirus software and multi-factor authentication in place, all it takes is for one staff member to open a phishing email and click a malicious link without realising it. Or, while browsing the internet on their lunch break, they might unintentionally install malware or visit a phishing website.
The “threat landscape is morphing at its fastest rate to date,” says Paul Brennan, director of the HPE Security Fusion Centre in Galway. The ever-increasing scale, speed and sophistication of malware attacks means that even the savviest employees can be tricked into opening a malicious email.
Brennan warns that today’s cybercriminals “know how to cleverly disguise their attacks” and can make emails look completely legitimate, including logos and signatures from people they know and trust.
In this October 2021 article, we recommended that all employees should adopt a zero trust approach when it comes to opening emails.
Virtual Private Networks, or VPNs, are commonly used to provide secure access to remote workforces, but they are proving inadequate against the more advanced cyber attacks that we have been seeing lately, largely due to how they are implemented. Because VPNs often provide unrestricted network access, this can enable malware to move across the network until it finds something it can exploit.
A more secure alternative is the ‘Zero Trust Network Access’ model, which is a means of controlling remote access to sensitive data. It operates on the basis that there is no such thing as a trusted source, and will not grant access to company systems until the user has been verified.
Because ZTNA operates on the premise that there are constant threats both outside and inside an organisation’s network, every attempt to access the company’s network, systems or applications is viewed as a threat until proven otherwise by a process of verification.
The zero trust approach is based on the following guiding principles:
60% of businesses are predicted to have transitioned to ZTNA by 2023, and with good reason: in 2021, IBM reported that a mature zero trust approach reduced the average cost of a data breach by $1.76 million.
With the threat landscape constantly evolving and getting more advanced by the day, business owners need to prioritise cybersecurity awareness training for the entire team.
If your staff are not trained to be able to identify threats, then it’s only a matter of time before your network suffers a breach. Cybersecurity awareness training will give your employees the skills and confidence to minimise cyber risks, both at work and at home, and it should also be noted that most insurers now require companies to provide mandatory phishing awareness training in order to avail of cyber insurance coverage.
Calnet IT remains at the forefront of cybersecurity in Ireland, providing reliable support and proactive solutions to Irish businesses since 2003.
Contact us today to find out how we can protect your business against cyber threats in real-time.
It’s no secret that the global events of the past few years have altered the world of business for good. Employees are no longer willing to be tethered to their office desks; the hybrid workforce requires more flexible and agile working solutions that allow them to...
How Azure Virtual Desktop Security is Facilitating Secure Remote Working Practices As businesses across the globe have adapted to a remote working model, the need for more robust security measures has naturally increased. Disparate co-workers are naturally more...
Understanding Your Virtualisation Options: Azure Virtual Desktop vs Remote Desktop vs Virtual Machines The digital workforce now views flexibility as a necessity. The ability to work from anywhere underpins our current business environment. While several IT solutions...
%