Every week, there are more and more reports of hackers getting into networks, stealing data and/or encrypting data and holding the business, company or organisation to ransom . The main way of infiltrating is still through phishing emails ...
In one recent report, the researchers highlight how 51% of businesses have paid a ransom demand between £250,000 and £1m, while 4% have paid ransoms exceeding £1m. The study of 305 companies also found that 84% that chose to pay a ransom demand suffered a second ransomware attack, with 53% falling victim to the same attackers.
With people and devices outside of the castle gates, some studies show that many firms are not taking the issue as seriously as they should. For example, one in five UK home workers has received no training on cyber-security.
Another UK study last year found that 57% of IT decision-makers believe that remote workers will expose their firm to the risk of a data breach. This report also found that two out of three employees who printed potentially sensitive work documents at home admitted to putting the papers in their bins without shredding them first.
Setting up home/remote workers as if there were in the office is paramount and businesses need to have security audits conducted now, as personally, my opinion is that the 50% of the time, we will not return to our workplace in the same way prior to COVID-19 hitting the world.
Criminals rely on human error and fear of not responding to that email from the CEO who needs that immediate money transfer to a supplier to keep trading. Hacking into home networks and devices to then being able to access company data will only increase.
In the USA, millions of employees who have worked remotely because of COVID-19 and are now returning to the office on a full-time or hybrid basis could also bring their bad cybersecurity habits, putting companies at greater risk for cyber-related crisis situations.
A new survey recently released by Tessian, an email security company, found that:
- A majority of IT leaders (56%) believed their employees have picked up bad cybersecurity behaviour since working from home
- Sixty-nine percent of the leaders said ransomware attacks will be a greater concern in a hybrid workplace
- Over half (54%) were concerned that staff will bring infected devices and malware into the workplace
- And their apprehension appeared to be well-founded as40% of employees said they plan to work from personal devices in the office
It is really time to see your employees home network or device as an extension to the workplace and my personal opinion is that separate broadband is installed for the sole purpose of accessing the company network. Also, consider secure VPN access (if a server is at the workplace) or ensuring that the home device has the same level of antivirus and real-time web scanning as any of the workplace devices.
Keep your company and people trained, vigilant and safe.
If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.