This September, schools will re-open while COVID-19 restrictions are cautiously relaxed. Many employees will return to the office, at least on a part-time schedule. This choice will create a brand-new scenario for organizations: a hybrid work environment split between home and office, which adds more risks to cyber-security.
In the early days of the COVID-19 pandemic, many organizations had no choice but to adopt smart working methods. Unfortunately, cybercrime quickly adapted to this new dimension, reworking phishing scams in a more “COVID-19 key”.
In April, Google stated it had to handle more than 18 million COVID-19-themed malware and phishing emails every day.
Phishing is by far the most popular method used by cybercriminals to distribute ransomware. Ransomware is an insidious type of malware that encrypts corporate data until a ransom gets paid.
In April, Interpol stated that the number of worldwide ransomware attacks against key organizations had significantly increased.
The latest ransomware attacks have hit important tech companies like Garmin and EasyJet Airline. These attacks can block business operations, damaging customers' perception of the company and therefore even the most solid brand reputation.
Cybercrime is determined to spot the weak link in the defensive chain, and attacks are becoming increasingly aggressive. How can an organization maintain high defense standards if work activities take place in a hybrid work environment with diversified levels of security?
The dark side of Smart Working
During this lockdown, the dark side of smart working didn’t take long to emerge. In such a new and unexpected situation, staff training on cyber risk awareness was not always a priority, and organizations’ exposure to phishing attacks increased.
Not all companies have been able to review their security policies, provide new guidelines and tools and secure this unexpected work environment.
Without the usual protection and communication systems, it’s easier to fall victim to a phishing attempt and give away valuable corporate credentials, paving the way for ransomware attacks.
Smart working can offer cybercrime several vulnerabilities to exploit, often linked to the hybrid use of business tools. A weak point could be using your computer (is it personal or corporate?) to connect to your corporate network while working from home, or the network you use to connect (is it your home router or a VPN?). There’s also the risk that a corporate laptop may be lost or stolen.
At the same time, relying on collaborative software to stay in touch with colleagues has encouraged the use of apps that are not approved by your organization. Sometimes we download these unauthorized apps to be more efficient, without the knowledge of our IT department.
In addition to these risks, we must never forget the issues related to the privacy of the business data we exchange at home, and remember that this data may be accidentally displayed to or used by strangers.
A hybrid work environment: knowing the risks
The new hybrid work environment poses many challenges: protecting business data in such a large and difficult-to-control perimeter is only possible with significant behavioral changes by the entire organization.
In this new environment, traditional security controls are no longer suitable. The new “status-quo” of work will require appropriate security tools, new work policies, and above all, continuous training programs on cyber risks.
In this way, all employees will become more aware of the cyber risks threatening the new ways of working. At the same time, these programs will help them recognize phishing attacks and promptly report any issues.
The cyber landscape is always changing and posing new challenges: an effective cybersecurity awareness training path should be treated as a long-term project and never as a one-off activity.