
Security IT Summit | Forum Events Ltd

Posts Tagged: working from home

Unmanaged personal devices at home threatening corporate security

Stuart O'Brien

More than half of UK employees working remotely during lockdown use unmanaged personal devices to access corporate systems.

That’s according to a study published today by CyberArk, which found that UK employees’ work-from-home habits – including password re-use and letting family members use corporate devices – are putting critical business systems and sensitive data at risk.

The survey, which aimed to gauge the current state of security in today’s expanded remote work environment, found that:

  • 60% of remote employees are using unmanaged, insecure “BYOD” devices to access corporate systems. 
  • 57% of employees have adopted communication and collaboration tools like Zoom and Microsoft Teams, which have been the focus of highly publicised security flaws

Working Parents Compound the Risk

The study found that the risks to corporate security become even higher when it comes to working parents. As this group had to quickly and simultaneously transform into full-time teachers, caregivers and playmates, it’s no surprise that convenience would outweigh good cybersecurity practices when it comes to working from home. 

  • 57% insecurely save passwords in browsers on their corporate devices
  • 89% reuse passwords across applications and devices
  • 21% admitted that they allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping. 

Are Current Work-from-Home Security Policies Enough?

While 91% of IT Teams are confident in their ability to secure the new remote workforce, more than half (57%) have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.

CyberArk says the rush to onboard new applications and services that enable remote work, combined with insecure connections and dangerous security practices of employees, has significantly widened the attack surface, and security strategies need to be updated to match this new dynamic threat landscape. This is especially true when it comes to securing privileged credentials of remote workers, which, if compromised, could open the door to an organisation’s most critical systems and resources.

“Major socio-economic events have always led to a sharp uptake in cyber incidents. The WHO has warned of an exponential increase in attacks due to the global and unprecedented nature of the ongoing health crisis, and its transformative impact on the way we work. With the accelerated use of collaboration tools and home networks for professional purposes, best-practice security is struggling to keep pace with the need for convenience which, in turn, is leaving businesses vulnerable”, said Rich Turner, SVP EMEA, CyberArk.

“Responsibility for security needs to be split between employees and employers. As more UK organisations extend remote work for the longer term, employees must be vigilant. This means constantly updating and never re-using passwords, verifying that the operating system and application software they use are up to date, and ensuring all work and communication is conducted only on approved devices, applications and collaboration tools. Simultaneously, businesses must constantly review their security policies to ensure employees only have access to the critical data and systems they need to do their work, and no more. Decreasing exposure is critical in the context of an expanded attack surface.”

The first and last line of defence

Guest Post

As the frequency and sophistication of cyber attacks increase at an alarming rate, much attention has been paid to high-profile data breaches of enterprise companies. Just recently, EasyJet revealed that the personal information of 9 million customers was accessed in a cyber attack on the airline; and the examples don’t stop there. British Airways was fined £183 million in July last year after hackers stole data of half a million customers and in the same month, the Marriott hotel group was fined £99.2 million for a breach that exposed the data of 339 million customers. 

With media attention typically placed on data breaches of this scale, this could give the incorrect impression that the cyber security risk to SMBs is much smaller. It’s true that SMBs by their very nature don’t have thousands of employees or millions of global customers, but that doesn’t mean that they are not a target. Every business still has a combination of employees with personal data, payroll information, company credit cards, suppliers that use their systems – all valuable data that a hacker could potentially use to their advantage. Clearly, technology has a large role to play – but technology alone can’t prevent every type of attack.

Andrea Babbs, UK General Manager, VIPRE Security, explains how a combination of technology, regular training and tools that help the user to thwart potential hacks can provide a layered defence for organisations to mitigate the threats they face….

Technology alone is insufficient

Life and work as we know it is changing as a result of the Covid-19 crisis. Businesses were forced to implement a working from home policy (if they could) almost overnight, with many unprepared in terms of infrastructure and security. Cyber criminals have used this to their advantage, producing ever more sophisticated, convincing and dangerous methods to target businesses and individuals.

Technology, including solutions that provide a vital protection against email mistakes, can help users spot phishing attacks – such as the email that purports to come from inside the company, but actually has a cleverly disguised similar domain name. This technology can automatically flag that email when it identifies that it is not an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack. In addition to email security and endpoint security that protects against emerging threats such as spyware, viruses, ransomware etc., this can be a valuable tool in an organisation’s armoury.

But despite companies such as EasyJet investing significant amounts into essential cyber security software, the breach examples above clearly show that deploying technology in isolation is not enough to entirely mitigate the risk of cyber attacks. The key is to change the mindset from a full reliance on IT, to one where everyone is responsible. 

Employees are a key part of a business’ security strategy. Those that are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach are a valuable and critical asset to a company. Employees are the soldiers on the front line in the battle against cyber criminals. They need to be trained to be vigilant, cautious and suspicious and assume their role as the last line of defence when all else fails. 

The threat landscape continues to evolve so rapidly that those businesses not conducting regular cyber security training for their employees are not secure. Relying on security software isn’t enough. But training shouldn’t just be a tickbox exercise either: a once-a-year session on cyber threats won’t be enough to keep the workforce sufficiently informed and vigilant.

Security Awareness Training

Organisations cannot be expected to stay one step ahead of cyber criminals and adapt to new threats on their own. They need to recruit their employees to work mindfully and responsibly on the front lines of cyber defence. 

According to Verizon’s 2019 Breach Investigations report, 94 percent of malware is delivered by email, making it the most common attack vector. One element of ensuring that the workforce is alert to the threat of phishing emails is to conduct a regular internal phishing email campaign that can also provide analysis on which employees failed to spot the phishing attempt, and therefore, may require additional training. Would your employees know how to spot a scam attempt? What about the following real-world examples taken from actual events? 

  1. A scammer purporting to be a company executive sends an email to an employee requesting a wire transfer to be sent immediately to a supplier. With a senior colleague making the request, and added pressure at the moment to be seen as ‘working’ when working from home, the employee complies and wires funds to a fake account. 
  2. An email is sent to your outsourced HR provider claiming to be from the company CEO requesting personal employee data. Without spotting the fraudulent nature of the email, the HR provider complies and shares personal information with the scammer which could be used to create false documentation. 

Fortifying the defence strategy

The essence of a solid cyber security strategy is a layered defence that includes endpoint security, email security and a business-grade firewall for the security of your network. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. Employees can, therefore, be a proactive weapon in an organisation’s defence, or a hole in the fence for cyber criminals to pass straight through to the corporate network. That is why regular training, in addition to complementary security tools, can provide a fortified strategy for organisations to mitigate the threat of a cyber attack. The workforce should be trained to question everything, be cautious and double check anything that they think is suspicious. The difference between a trained and an uneducated workforce could mean the difference between an organisation surviving a cyber attack, or suffering the devastating consequences.

WEBINAR REWIND: How to Tackle Working From Home Security Threats

Stuart O'Brien

Last week ZIVVER hosted a webinar during which participants learned the secrets to securing an organization’s communications while safeguarding against costly data leaks with a remote workforce. If you missed this essential session, you can watch it again now.

The lively 30 minute discussion includes expert insight and opinion from:

  • Quentyn Taylor is Head of Security for one of the largest enterprises in London. He is regarded as a key security commentator and is regularly quoted and published in industry publications and mainstream media.
  • Becky Pinkard is a renowned practitioner and commentator on the information security sector who has been working in information technology and security since 1996.
  • Rick Goud is the co-founder and CEO of Zivver, one of the top secure communication platform companies in Europe.

Topics covered include:

  • Behind the stats: the top causes of data breaches in the UK
  • Data leak blunders and how to prevent them 
  • Evolving security threats with a remote workforce 
  • Modern solutions to secure outbound communications 

Watch again by clicking here

Securing outbound email is vital to help safeguard sensitive information and prevent data leaks. The good news is that this can be done easily and affordably with ZIVVER’s secure communication platform.

Getting started is easy

Setting up a ZIVVER account for up to 50 users can be conveniently done from any device in just a few clicks, 24 hours a day, 7 days a week. Simply choose the desired plan, select the number of users, and pay with a credit card to immediately begin sending communications securely.

Use the code WFH30UK to get 30% off for the first 3 months of your subscription – Click here to get started.

WEBINAR: How to Tackle Working From Home Security Threats

Stuart O'Brien

Learn the secrets to securing your organization’s communications while safeguarding against costly data leaks with a remote workforce. 

This April 30 webinar from ZIVVER features three industry experts who will bring you up to speed on the new threat landscape. 

Stay alert to WFH security threats 

Be in the know and hear about the following:

  • Behind the stats: the top causes of data breaches in the UK
  • Data leak blunders and how to prevent them 
  • Evolving security threats with a remote workforce 
  • Modern solutions to secure outbound communications 

Learn from these IT security experts

We’re delighted to have two incredible guest panelists alongside ZIVVER’s co-founder and CEO, Rick Goud. They’re ready to share valuable insights on how to effectively secure outbound communications.

  • Quentyn Taylor is Head of Security for one of the largest enterprises in London. He is regarded as a key security commentator and is regularly quoted and published in industry publications and mainstream media.
  • Becky Pinkard is a renowned practitioner and commentator on the information security sector who has been working in information technology and security since 1996.
  • Rick Goud is the co-founder and CEO of one of the top secure communication platform companies in Europe.

Following the panel discussion there will be an interactive Q&A session where you can ask questions.

Click here to register for the webinar