CyberRisk & the Return to Office [Infographic & Article]
As the number of employees working from home has skyrocketed this year due to COVID-19, so have the associated cyber risks. A recent webinar from Travelers Europe provided evidence from the past several months that working from home is less secure than working in corporate settings. Research conducted in March by cybersecurity intelligence firm BitSight Technologies found that home-working networks were 3.5 times more likely than corporate networks to be hit with a range of malware strains – and among the key malware concerns, they were five times as likely to be hit.
“All told, 45 percent of home networks were infected with one of the types of malware tested,” said Davis Kessler, Head of Cyber at Travelers Europe. “It goes to show that this is not just a theory; working from home does bring this exposure.”
But on the positive side, this knowledge may help companies understand how to fortify security for employees working from home – and how to ensure those safeguards carry through to when their employees return to the office.
Where are the risks?
The vulnerabilities that exist when working from home – and which may pose security risks as employees return to the office – fall into four categories:
- Personal device usage: Personal devices tend to lack the security guardrails found within a company infrastructure. Having multiple home users only increases risk entry points.
- Personal use of company devices: Company devices often provide access to confidential data. Increased personal use of these devices can increase vulnerabilities.
- Use of collaborative tools: Collaborative digital tools contain vast amounts of data that could be vulnerable without patching and have been a target of attacks.
- Employee relaxation in cyber hygiene: Remote working leads to more relaxed employee behaviors that may spill over into the office environment when employees return. At the same time, attacks are becoming more sophisticated and require ever-increasing vigilance.
What attacks are companies experiencing?
Kathleen Clarges, Cybersecurity Consultant with Symantec, a partner of Travelers Europe, said some of the most common attacks against organisations in recent months have involved malware, spyware, distributed denial of service, and phishing – among many others. These attacks cause a range of problems that hinder an organisation’s ability to operate. Operational outages that impact productivity, revenue and employee safety are common, as well as attacks that degrade an organisation’s brand awareness and result in a loss of business-critical data.
While employees working from home can be prime targets for cybercrime, so are employees transitioning back to working in the office. As these employees readjust to their office environment, they may inadvertently provide cybercriminals with a window of opportunity for launching attacks. As an example, Clarges said that as lockdowns lifted in May and June, there was a nearly 75 percent spike in attacks by Cobalt Strike malware.
At a time when employees may have their guard down, attacks are becoming increasingly difficult to identify and prevent.
“We see criminals taking over email boxes and studying conversations, then inserting themselves into those conversations with appropriate language,” Clarges said. “It takes good deal of knowledge to identify that those messages aren’t genuine.”
What can companies do?
Companies can make themselves more difficult, time-consuming targets for cybercriminals by securing their systems, keeping them updated and ensuring employees understand their responsibility to minimise cyber risk.
Tony Kibble, Director of Cybersecurity at Travelers Europe, advises small and medium-size companies to have a documented security policy and provide training that demonstrates what staff can and can’t do with company devices.
- Ensure employees use strong passwords, store them separately from their laptops and use two-factor authentication for protection.
- They should know to never leave devices unattended, or, if they must leave it, to lock it and keep it out of sight.
- The company security policy should include a list of approved company software and limit an employee’s ability to install software on a laptop.
- Company systems require multiple layers of protection. Use firewalls, host intrusion protection systems and antivirus protection, configure them correctly and keep them up to date.
- Ensure laptop hard drives have full-disk encryption and, if possible, enable the remote locking and wiping of mobile devices.
- Block USB ports on company devices to help prevent employees from transferring information they shouldn’t move.
- Install security patches regularly, since new vulnerabilities are the most common ways of infiltrating networks and devices.
- Finally, back up all important data, which could be a business saver in the case of a ransomware attack.
Such precautions are critical, particularly if employees’ return to the office is temporary.
“These measures can be translated down to small and medium-size companies for little or no cost and can be implemented quite quickly,” said Kibble. “If we have to return to lockdown or there is a larger mix of working from home and from the office, there is always going to be a movement of devices.”