remote working Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

remote working

Unmanaged personal devices at home threatening corporate security

960 640 Stuart O'Brien

More than half of UK employees working remotely during lockdown use unmanaged personal devices to access corporate systems.

That’s according to a study published today by CyberArk, which found that UK employees’ work-from-home habits – including password re-use and letting family members use corporate devices – are putting critical business systems and sensitive data at risk.

The survey, which aimed to gauge the current state of security in today’s expanded remote work environment, found that:

  • 60% of remote employees are using unmanaged, insecure “BYOD” devices to access corporate systems. 
  • 57% of employees have adopted communication and collaboration tools like Zoom and Microsoft Teams, which have been the focus of highly publicised security flaws

Working Parents Compound the Risk

The study found that the risks to corporate security become even higher when it comes to working parents. As this group had to quickly and simultaneously transform into full-time teachers, caregivers and playmates, it’s no surprise that convenience would outweigh good cybersecurity practices when it comes to working from home. 

  • 57% insecurely save passwords in browsers on their corporate devices
  • 89% reuse passwords across applications and devices
  • 21% admitted that they allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping. 

Are Current Work-from-Home Security Policies Enough?

While 91% of IT Teams are confident in their ability to secure the new remote workforce, more than half (57%) have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.

CyberArk says the rush to onboard new applications and services that enable remote work combined with insecure connections and dangerous security practices of employees has significantly widened the attack surface and security strategies need to be updated to match this new dynamic threat landscape. This is especially true when it comes to securing privileged credentials of remote workers, which, if compromised, could open the door to an organisation’s most critical systems and resources.

“Major socio-economic events have always led to a sharp uptake in cyber incidents. The WHO has warned of an exponential increase in attacks due to the global and unprecedented nature of the ongoing health crisis, and its transformative impact on the way we work. With the accelerated use of collaboration tools and home networks for professional purposes, best-practice security is struggling to keep pace with the need for convenience which, in turn, is leaving businesses vulnerable”, said Rich Turner, SVP EMEA, CyberArk.

“Responsibility for security needs to be split between employees and employers. As more UK organisations extend remote work for the longer term, employees must be vigilant. This means constantly updating and never re-using passwords, verifying that the operating system and application software they use are up to date, and ensuring all work and communication is conducted only on approved devices, applications and collaboration tools. Simultaneously, businesses must constantly review their security policies to ensure employees only have access to the critical data and systems they need to do their work, and no more. Decreasing exposure is critical in the context of an expanded attack surface.”

Transitioning to Secure Remote Working During and Beyond COVID-19

960 640 Stuart O'Brien

By Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure

Organisations of all sizes that typically work in office environments have been thrown into the deep end due to the Covid-19 outbreak. Social distancing measures and restricting unnecessary travel has meant that a majority of companies had to unexpectedly revert to remote working. Many of these businesses quickly realised that they weren’t ready for this digital transformation, with recent research suggesting that UK firms are among the world’s least prepared for home-working.

With 25% of businesses having no crisis plan in place and 55% of employees having little to no experience of working from home, organisations have had to revise their working practices to be able to conduct their work digitally and remain effective. Technology plays a key role in enabling remote work, but many organisations did not have this planned in advance, and subsequently, are at a disadvantage due to their current inadequate technology solutions and infrastructure in place. This can lead to significantly increased security risks and concerns, as Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure, explain.

Workplace Challenges

Workforces may not have access to the necessary devices from their homes such as work laptops, the correct video conference solutions or collaboration tools in place to perform their role. As a result, employees who are working from home will have to do so from their own devices. This ‘Bring Your Own Device’ (BYOD) phenomenon creates a security concern as not all personal electronic devices will have the correct level of security installed on them – the software may not be up to date, they may have an older version of Windows installed or no antivirus software available.

This creates an issue for both the consumer and the professional, as the same credentials are often used across multiple accounts at the same time. Hackers’ creativity is limitless and is becoming more sophisticated over time. Vade Secure has seen a shift in cyber criminals’ strategies, changing from attacking individuals with ransomware to instead using these individuals as a backdoor to gain access to corporate networks, and there is no better opportunity to do this than via individuals using their personal devices from home. However, by implementing the correct software and security solutions across all employees’ devices, these risks can be mitigated. 

Evolving threats 

The number of cyberattacks has continued to increase over time, with up to 88% of UK companies being targets of breaches in the last 12 months. However, hackers are taking advantage of the current coronavirus situation by sending phishing emails purporting to be PPE suppliers or medication. Recent statistics have found that since January 2020, there have been over 4,000 coronavirus-related domains registered globally, with 3% found to be malicious and 5% suspicious. These results heighten the importance of ensuring your workforce are securely remote working.

Over the last three months, as the coronavirus outbreak has unfolded, Vade Secure has seen a surge in spear-phishing and malware activities. Examples of this which have been found include capitalising on psychological aspects of the victims, including Covid-19 charity campaigns, fake mask and sanitiser suppliers, as well as stock and medications for purchases which don’t exist.

With 91% of cyber attacks using emails as their first vector, it’s more important than ever to ensure that your employees have a secure email network in place. No organisation is immune to the threat and companies which don’t have the right security software in place need to act now before it’s too late. By adding these security elements, companies can benefit from detecting and blocking features and using Artificial Intelligence to secure their networks and become notified when a non-legitimate email appears.

Securing the weakest link  

Often, the weakest link of an organisation is the employee, as 88% of UK data breaches are caused by human error. Employees are not security experts and can fall foul to phishing scams if they don’t have the right level of education or awareness. When working from home, your workforce is under more pressure to work both faster and harder, which can lead to mistakes being made. Staff members don’t have the time to check every email before they open them, but this one click can make all the difference.

Instead, by educating employees and making them more vigilant, they will be able to spot scams and cyber attacks before the damage is done. Combined with the right security software that uses techniques such as alert ‘pop-ups’ to prompt users to check emails before clicking on links, for example, the workforce will become more aware of the signs to look out for. By enabling users to make an informed decision about the nature and legitimacy of their email before acting on it, organisations can now mitigate against this high-risk area.

Conclusion

In order for organisations to limit the number of insider data and security breaches,  particularly when working remotely, it’s crucial for employees to understand the role they play in keeping the company’s information secure. By preparing in advance and having a secure contingency plan in place which provides employees with the necessary devices and security, companies will be in a stronger position to defend their systems against hackers. In addition to this, supporting employees with training will allow workforces to understand the evolving risks they face, and how to keep their information and systems secure. 

WEBINAR REWIND: How to Tackle Working From Home Security Threats

960 640 Stuart O'Brien

Last week ZIVVER hosted a webinar during which participants learned the secrets to securing an organization’s communications while safeguarding against costly data leaks with a remote workforce – if you missed this essential session you can re-watch it again now.

The lively 30 minute discussion includes expert insight and opinion from:

  • Quentyn Taylor is Head of Security for one of the largest enterprises in London. He is regarded as a key security commentator and is regularly quoted and published in industry publications and mainstream media.
  • Becky Pinkard is a renowned practitioner and commentator on the information security sector who has been working in information technology and security since 1996.
  • Rick Goud is the co-founder and CEO of Zivver, one of the top secure communication platform companies in Europe.

Tops covered off include:

  • Behind the stats: the top causes of data breaches in the UK
  • Data leak blunders and how to prevent them 
  • Evolving security threats with a remote workforce 
  • Modern solutions to secure outbound communications 

Watch again by clicking here

Securing outbound email is vital to help safeguard sensitive information and prevent data leaks. The good news is that this can be done easily and affordably with ZIVVER’s secure communication platform.

Getting started is easy

Setting up a ZIVVER account for up to 50 users can be conveniently done from any device in just a few clicks, 24 hours a day, 7 days a week. Simply choose the desired plan, select the number of users, and pay with a credit card to immediately begin sending communications securely.

Use the code WFH30UK to get 30% off for the first 3 months of your subscription – Click here to get started.