The lines between our professional and personal lives are blurring and that includes our online behaviours. Businesses can protect their networks by mitigating those behaviours, but meanwhile, cybercriminals are launching cyberattacks at the most vulnerable target – the remote worker.
While companies have introduced measures to support the physical and mental well-being of their employees, they seem to have missed the boat with regards to educating and supporting their workforce to help them better understand cyber safety while working outside the office.
According to our latest report on cybersecurity risks, 55% of remote workers have been the target of cybersecurity threats over the past year. Despite two thirds (66%) claiming to be more aware of cybersecurity threats since shifting to home working, they aren’t helping themselves or their companies with their behaviour. Work devices are being used for personal habits like connecting to third party apps and are being loaned to friends and family – trends that are putting businesses in jeopardy. Meanwhile, third party consumer apps are constantly at risk, the most recent example being a colossal leak of over 500 million users’ details across 106 countries. A breach of this magnitude is likely to have a wider impact.
Businesses who initially paid less attention to cybersecurity to speed up the transition to homeworking have taken a risk. That needs addressing now to provide for business continuity and help better protect their workforce and business from any future cyberattacks.
Best practices to address the workforce risk factor
To reduce risk in this increasingly dynamic environment, your approach to cybersecurity must continuously evolve above and beyond the foundational practices you already have in place. Cybersecurity innovation means keeping pace with cybercriminals by continually adapting and evolving your organisation’s security controls and practices for protecting enterprise data. This is true whether your data resides on an IoT device, a smartphone, a server behind the corporate firewall, or is in transit to or from the cloud.
A proactive approach to cybersecurity involves protecting all components of the digital ecosystem — data, connected devices, applications, networks, and the data centre — with the help of innovative technologies and methods that improve how you identify and respond not to just today’s threats, but tomorrow’s.
With rules still changing, it is unclear when we might return to the office and when we do, it’s likely to take a hybrid form as remote working adoption has proven to enhance productivity and profitability. What is clear, is the need for businesses to take a Zero Trust approach to what will be a hyper distributed workforce. Zero Trust assumes that traditional access credentials are no longer sufficient to accurately establish trusted identities for user, device and application access. Rather, organisations should undertake continuous, risk-informed assessments and deploy granular security controls to manage, monitor, and enforce access.
As all parties adjust to the ever-shifting remote working landscape, the critical concerns regarding the security of data and systems must be addressed to prevent cyber breaches and the associated fallout.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.