The coronavirus pandemic pretty much obliterated ‘business-as-usual’ without hesitation, allowing companies very little time to plan for enforced remote working and leaving organisations vulnerable.
The result? Many businesses had to find workarounds to maintain business operations.
The consequence? Security policies were difficult to adhere to, with business continuity taking priority. This meant that organisations’ cyber postures were weakened by a lack of visibility into their new networks and their vulnerabilities.
The rise of the opportunist
The war between cyber security and those trying to exploit it is constantly raging. Security companies and expert individuals innovate and develop around the clock so that when new vulnerabilities are identified, the spotlight is shone directly on them and they can continue to be defended against going forward.
When the environment changes or is impacted by external (or internal) influences, the new landscape needs to be understood and secured. The gap in time between the change and the securing gives the opportunistic malicious actor an attractive window in which to exploit the gap in defences.
It’s imperative that when these changes occur, and especially when they cannot be planned for, they’re understood, scoped and secured as quickly as possible to ensure remote working does not make your company vulnerable.
As the old saying goes: ‘You can’t secure what you can’t see’
Visibility is the key to security: once you understand the architecture, systems and processes you need to secure, you can construct a robust strategy to do so.
But what if you can’t?
The immediate shift to remote working means a majority of business connections now lie outside of normal working estates. This means that unless the correct policies, systems, architecture and technology are in place to work securely in that way, there are blind spots.
Business policies that were made with a largely office-based workforce in mind will need to be reviewed to ensure they are suitable and sufficient. The way users connect to systems may have changed, and it’s vital that these new connections are understood and secured. The change of architecture also needs to be understood: users are now working from home, meaning they are no longer connecting via your office network. At a minimum the endpoints need to be secured, but secure connections are just as important.
All of the above relies on visibility and your understanding of the situation, environment and your users, to make informed security decisions and ensure remote working doesn’t leave you vulnerable.
User error accounted for 90% of cyber data breaches in 2019
According to data taken from the Information Commissioner’s Office (ICO) and analysed by CybSafe, 90% of data breaches were a result of human error. This is up from 61% and 87% in 2018 and 2019 respectively.
With this in mind, user training requirements need to be understood and met, as a priority.
With a new way of working, which potentially involves the use of new technologies (e.g. file sharing or communications), users need to be made aware of the new threats they face and up-skilled in how to carry out their role securely.
Clear communication and explanation of new company security policies must be provided, with the opportunity to give feedback and raise concerns, to ensure no stone is left unturned.
The problem with uncertainty, ambiguity or a lack of clarity is that users will try to find workarounds. Users will use different communication channels, file-sharing services and so on that sit outside of approved company policy. This is often done with the best intentions, as a means of being more productive, but the reality is that these choices can cause damage. You need to understand their requirements and cater for them to ensure security policy is upheld.