The reality of the ongoing hybrid work model has become the norm for the foreseeable future across industries.
Borderless teams transcend the boundaries of cities, states and even continents. Sensitive data is moving across devices, some of which are operating outside of the usual business network. In early 2020, it was an understandably abrupt shift as organizations had to quickly ramp up to remote work.
As these changes are in for the long term, it is time to pay acute attention to the technology and security walls used. According to Proofpoint’s 2021 Voice of the CISO report, long-term hybrid work environments present a new challenge for Chief Information Security Officers (CISOs).
We found that 66 per cent of CISOs in the UAE agree that remote working has made their organizations more vulnerable to targeted cyberattacks, with 76 per cent revealing they had seen an increase in targeted attacks in the last 12 months, the highest among the surveyed countries.
The report reinforced that though employees understand their roles in protecting their organization from cyber threats, 70 per cent of CISOs in UAE still consider human error to be their organization’s biggest cyber vulnerability. CISOs in the UAE listed using unauthorized devices, tools, and applications as well as falling victim to phishing emails as the most likely ways employees put their business at risk.
Cybersecurity is no longer just a challenge. At the office, employees generally use designated office devices that are secured with physical and electronic layers of security. When employees work remotely, however, they often use personal devices and public Wi-Fi networks, making them vulnerable to malicious threat actors. This poses a major threat to data security.
So, what do employees need to do to protect their devices, and ultimately safeguard their organizational systems?
Organizations should prioritize a people-centric approach to security that protects all parties - employees, customers, and business partners - against these threats.
Most cyberattacks target people, not technology. In fact, more than 99 per cent of cyberattacks require human interaction to be successful, which is why educating employees on how to thwart cyber-attacks is critical for the security of any organization. With regular and up-to-date security awareness trainings, employees can learn how to recognize and be empowered to act when faced with phishing, ransomware and business email compromise (BEC) attempts. In this way, they themselves can become a strong line of defense that proactively protects the organization.
With remote working and cloud computing, though any information can easily be accessed by employees wherever they are, the same is also true for cybercriminals looking to exploit vulnerabilities. While the priority for organizations is to invest in security, the employees should be required to secure personal devices they intend to use for work.
Better still, businesses can designate a remote employee’s work device and secure it themselves with authorized anti-virus and security software.
There may be a lot of remote endpoints being used to access these critical assets — from laptops to mobile phones. Any endpoint that is unmanaged can be exploited to access sensitive data, install malware, or be tampered.
In the event of accidental data loss, remote employees using their own devices often do not have adequate backup and recovery options. The need of the hour is cloud backup solutions customized for small businesses, effectively covering backup requirements for the office as well as remote employees in one single account, eliminating all hassle and keeping data secure.
Employees should also refrain from accessing their corporate accounts using unsecured public wi-fi. This way, malicious actors nearby can easily spy on their connection and harvest confidential information. Hence, they should only access authorized and secured Wi-Fi networks.
Encryption is key
Organizations should encrypt information that’s stored on their network. Every day, employees share private company data, from client account information to files and more. If sensitive company information is intercepted, it can lead to identity fraud, ransomware cyberattacks, theft, and more. Hence, encryption is vital to safeguard critical information.
Ensuring security in the cloud should be a priority for any organization with a remote workforce, and this starts with mitigating the risks. Enterprises should aim to strike a balance between convenience and security — empowering employees and protecting critical assets at the same time.