According to Buffer’s State of Remote Work Report, 30 percent of respondents said their employer allowed everyone to work remotely. This was before the COVID-19 pandemic. When stay-at-home orders were issued, virtually every employee who could work remotely did work remotely.
For organizations with longstanding remote work policies and mature IT operations, the shift to “all remote, all the time” was relatively seamless. That hasn’t been the case for most companies, especially from a cybersecurity standpoint.
The switch to remote work was abrupt, and most companies did not have the systems in place to support such a change. They cobbled together a remote working plan as quickly as possible to minimize disruption and downtime.
As a result of the sudden change to working from home, many employees have been using personal laptops and unsecured home internet connections to access company resources. Many partners and vendors likely have been doing the same thing.
Makeshift remote work strategies and uncertainty have had workers scrambling to find the tools they need to do their jobs. The safe assumption is that organizations have seen an increase in shadow IT, which means workers find their own solutions without their employer’s knowledge. This could involve everything from a consumer-grade file-sharing app to a second smartphone.
Of course, IT can’t monitor and secure technology that it doesn’t know exists. Every device, every app, and every software instance represent an opportunity for hackers to access your network. Even if you’re using software and devices that have been approved by IT, you still have to follow the appropriate processes for accessing company resources and storing and sharing data.
Organizations that didn’t have such processes in place or weren’t exactly diligent about enforcing such processes have been more susceptible to cyberattack. In fact, some experts predict the largest cyberattack in history could happen in the very near future due to an expanded attack surface and gaps in virtual cybersecurity.
The coronavirus is not the kind of virus IT security professionals are used to managing. The cybersecurity defenses of thousands of companies, especially small businesses, are in shambles as a result.
Small businesses should not make the mistake of assuming they’re at risk just because large corporations are more lucrative targets. Hackers often prefer the path of least resistance, which tends to be smaller companies that don’t have their cybersecurity house in order. Also, hefty fines for compliance and data privacy violations are big enough to threaten the very survival of small businesses.
The unfortunate reality is that 60 percent of small businesses shut down permanently within six months of being hacked.
Given the scope of changes your organization was forced to implement with little warning, as well as the fact that remote working will be with us for the long haul, your staff could probably benefit from cybersecurity awareness training.
This can help your team identify threats such as spam, phishing, malware, ransomware, and social engineering attacks. Training can also provide a blueprint for reporting suspicious activity, executing an incident response plan, and developing an ongoing training program. The key is to make security a day-to-day priority for every employee, not just the IT department.
Ancero encourages you to watch this video from Microsoft on Creating a Security Culture in Your Business and making it required viewing for your team.
As the business community reopens, employee safety must continue to be every organization’s top priority. However, cybersecurity must be addressed to protect your data and network from attack.
There are affordable solutions designed to combat modern threats and secure your infrastructure, even as workforces continue to work remotely. Contact us for an evaluation of your current security posture and to learn what security tools and data backup and recovery options can be implemented to keep your company assets safe.