08/29/2022

Best Tips For Successful Cybersecurity Risk Management

Insights

12 min remaining

As they prepare remote workers for threats during COVID-19, companies are taking steps to protect themselves from cyber-attacks. To protect company data, businesses are using new risk management tools such as two-factor authentication or required VPNs.

People searched Google for information about health, wellness, and, surprisingly enough, cybersecurity when COVID-19 was declared to be a pandemic in February 2020.

The search volume for “how to remove virus” rose by 42% by March 2020.

IT infrastructures were strained by remote work across all industries. As the cyber pandemic continues, individuals, businesses, and government agencies have had to contend with an influx of cyber attacks.

Kobe Digital surveyed 500 employees in the United States for information about how they handle cybersecurity.

Companies can protect their IT infrastructure by taking measures such as secure WiFi networks and training employees to spot a phishing email.

What are companies doing to prevent cyber attacks during COVID-19

  • Two-thirds (66%) of employees at companies are taking their work computers and devices home during a pandemic to keep personal and work data separate.
  • 35% of companies require their employees to use secure Wi-Fi networks for their work activities.
  • 31% of companies require remote workers to use VPNs.
  • 31% of companies use 2-factor authentication to protect employee accounts during COVID-19.
  • Only 32% of companies practice Phishing Training despite an increased number of phishing scams in the recent pandemic.
  • 34% of companies are not using any of these cybersecurity precautions, making their remote workforce more susceptible to cyber-attacks.

Two-Thirds Of Employees Take Work Devices Home

Many employees work remotely so equipment that was once kept in offices has been moved to living rooms or home offices.

Since the COVID-19 pandemic, 66% of employees have taken home computers such as work computers.

Personal devices are frequently used on public, insecure networks and are more susceptible to attack. Many companies prefer that employees who work from home use company devices.

Chris Blunt is the CEO of the cybersecurity company BrokenStones. He believes that employees are more vulnerable to cyber threats if they work on personal devices than on a secure computer at work.

Blunt stated that personal computers are the riskiest. If you have your work machines properly set up and remote access systems in place then it is possible to take your work computers home. This is a cost-effective, good option.

“If your work machines are properly set up and you have the remote access systems, taking your work computers home can be a cost-effective option.”

Blunt recommends that companies make sure that their security protections, such as ransomware or software patches, are active and up-to-date throughout a company’s remote network.

Benedict Jones, CEO of mobile security company Traced agrees that having secure work devices at home is good for data safety. Jones warns employees that hackers are more likely to target mobile devices than desktop computers. Therefore, they should not use personal phones for work.

Jones stated that mobile devices are used to access work emails, internal systems, and web browsing. Attackers use mobile devices to steal corporate and sensitive information.

Employees should not be encouraged to bring work devices home. Companies should have the ability to lock and wipe any devices that are lost or stolen.

Employers can work remotely from their devices. This is an easy and cost-effective way for businesses to practice cybersecurity.

Secure WiFi Networks are a common cybersecurity protocol for companies

Employers are more likely than any other cybersecurity practice to use secure WiFi networks during COVID-19 remote work to allow employees to work.

Currently, 35% require a secure WiFi network.

WiFi networks can be protected from hackers with proper security measures that are affordable and easy to put in.

Tilly Holland, marketing manager at data recovery company Ontrack believes that remote workers need secure WiFi networks.

Holland stated that public WiFi hotspots were “characteristically weak” and offer hackers the opportunity to steal data. Cybercriminals also can take advantage of public networks by infecting devices using viruses that can spread quickly throughout the network, once users are back at work.

“Public WiFi hotspots tend to be weak, making them easy targets for hackers to steal and collect data.”

The following cyber attacks can be caused by working on public WiFi network:

  • Man-in-the-middle attacks: Hackers place themselves between victims and their companies, pretending to be both, and attempt to gain information.
  • Malware Hackers activate the software to cause damage to a network or device.
  • Worms: Hackers target security gaps to launch a malicious program that Spreads from one device to another without any human intervention.
  • Packet sniffers Hackers track and log information through networks by finding security gaps.

These cyberattacks are prevented by private networks, making it harder for cybercriminals to monitor your online activity.

Cyber threats can be prevented by having employees work remotely and connect to secure WiFi networks.

Enterprise VPNs are widely used and promote safe data sharing

Virtual private networks (VPNs), are the best way to secure sensitive work data from afar.

31% of companies use enterprise VPNs during COVID-19.

VPNs provide additional protection by encrypting work data. Companies encrypt data so that only VPN users have access to it. This is a crucial line of defense in case of a WiFi network breakdown.

VPNs allow workers to access the internet anonymously, regardless of their location. Darren Deslatte is the vulnerability operations leader at technology company Entrust Solutions. He believes VPNs are a crucial part of any small company’s operations.

Deslatte stated that a VPN “ensures that any work, logins or sensitive data accessed while the network is active are virtually untraceable by other parties, including cyber criminals.”

“[A VPN] makes it virtually impossible for others to trace any logins or work done while you are on the network, even cybercriminals.”

Remote workers must still rely on their WiFi network for security. Remote workers must rely on their WiFi setup for security. Even password-protected WiFi networks at home can make employees more susceptible to attacks than those in the office. 

For companies with large remote workforces, enterprise VPNs provide enhanced security protections.

Employees are more secure with two-factor authentication

After the pandemic, employees started working remotely and Two-Factor authentication (FFA) became a common corporate cybersecurity practice.

31% of businesses require 2FA to open work accounts.

Cybercriminals can predict and deduce passwords using common creation patterns. They can guess passwords based on requirements and expected formatting. According to a Verizon report, 80% of hacking incidents involved weak, stolen, or basic passwords.

2FA is a way to protect employees against cyber attackers. It pairs password requirements with authentication via something in the user’s possession such as a smartphone, secondary account, or other device.

Many cybersecurity professionals support 2FA as it protects user accounts without requiring extra work from employees. Jasmine Henry, the cybersecurity director at Esper is an Android DevOps platform. Henry strongly believes that 2FA should become a standard protocol for cybersecurity across all companies.

Henry stated that passwords are obsolete. “2FA is a minimum requirement for cybersecurity. Remote work makes it difficult to detect signs of an unauthorized login.

“Passwords are dead. Two-factor authentication is mandatory for cybersecurity. Remote work makes it difficult to detect signs of an unauthorized login.

Henry claims that even though employees may have different passwords for their accounts, a hacker can create a unique eight-character password in under an hour. Hackers can also access more than 15,000,000 stolen logins on the dark internet.

2FA is a simple security protocol that companies can establish and which is effective in protecting user accounts while working remotely.

For email security during remote work, Phishing training is essential

Employees can learn how to spot and avoid potential phishing scams, which could compromise company data.

Amid the pandemic, only 32 percent of companies offered phishing training to employees.

Phishing refers to the act, whereby emails are sent while pretending to be from a legitimate organization to collect personal data.

Phishing scams are the leading cause of worldwide cyber-attacks. Edward Marchewka is the founder of security company CHICAGO Metrics and warns companies that phishing can be dangerous to data security.

Marchewka stated that he has worked for several organizations over the years and all of them have been the target of phishing attacks. Although email filters are becoming more effective at stopping obvious attacks, additional measures, such as continuous training, are still necessary.

Marchewka believes that phishing training is crucial to security during pandemics. Employees are more susceptible to fraud when they work remotely.

What should employees know about Phishing?

Is it possible to get a virus by opening an email?

However, employees should be cautious about clicking on emails that contain links. If someone clicks on an attachment, link, or link in a phishing email, viruses like worms and Trojan horses are likely to be activated.

What is a Phishing Scam?

Zach Fuller, head of business operations at Silent Sector is a cybersecurity service provider. His investigations revealed that victims might fall for simple phishing techniques, even if they have not been properly trained.

Fuller recalls that a company had nearly 2,000 infected machines spread across multiple offices. An employee clicked on a fraudulent email promising a $20 Starbucks gift certificate.

What is the prevalence of phishing?

Phishing is the most widespread cybercrime, particularly during pandemics and remote work. A Phishing email is the first step in cyber attacks on the workplace. 80% of all cyberattacks are initiated by Phishing emails.

The rise in phishing scams has been attributed to COVID-19. Cybercriminals are known to send COVID-themed emails pretending to be government agencies. This prompts victims to respond with their personal information.

Who do phishing emails impersonate?

Henry warns remote workers against phishing emails that pretend to be from their CEO or other senior staff members. She suggests that employees contact the sender via another communication channel such as Slack, or by phone to verify suspect emails.

Why is phishing awareness so important for remote workers

Remote workers may fall for phishing attacks more often than employees who rely on email instead of in-person office conversations. Employees should be trained in phishing awareness, as attackers are constantly coming up with new and targeted scams during COVID-19.

Some companies aren’t using common cybersecurity protocols during COVID-19

Some companies have relaxed their cybersecurity protocols despite the risk of cyberattacks in remote environments.

More than one-third (34%) of companies do not follow common cybersecurity best practices.

Deslatte and Henry say that companies might be reluctant to put more emphasis on cybersecurity because of the cost. Companies may be concerned about the ease of implementing new cybersecurity protocols from a remote location.

Experts agree that cybersecurity breaches could prove to be more expensive than adopting new cybersecurity practices. Deslatte believes that cybersecurity should be a top priority for companies, particularly in remote environments.

Deslatte stated that a single data breach could easily shut down a company forever.

“One data breach can easily shut down a business permanently. This is why it’s so important to ensure your cybersecurity is up-to-date, even under difficult circumstances.

Not only is it the responsibility of companies to recover lost data or equipment, but they may also need to manage their reputation and marketing.

Cyberattacks are becoming more common during the COVID-19 epidemic. Blunt stated that companies should be prepared for any security threats while employed by remote workers.

Blunt stated that it is almost certain that organizations will be exposed to common security risks like phishing and weak passwords. It is important to learn the basics.

Cybersecurity Protocols are required for remote work to ensure data safety

Experts call for a renewed emphasis on cybersecurity during COVID-19. Companies could be at risk from cyberattacks if more employees work remotely.

The majority of employees have brought their work devices home at this stage in the pandemic. This allows them access to company networks and keeps work and personal data separated.

Companies are now:

  • Employers must connect to a secure WiFi network.
  • VPNs can increase security
  • Two-factor authentication is used to secure email and work accounts
  • Training in phishing awareness

Despite the increased threat of cyber-attacks from more remote workers, some companies have taken a relaxed approach during COVID-19 to managing cybersecurity risk.

Experts recognize the difficulties of implementing new protocols amid a pandemic, but they all encourage companies to insist on basic security measures for remote work.

About the author

Kobe Digital is a unified team of performance marketing, design, and video production experts. Our mastery of these disciplines is what makes us effective. Our ability to integrate them seamlessly is what makes us unique.