Cybersecurity must be top of mind when managing a new, more complex, hybrid workforce – comments from the IEEE
Gartner has revealed that 82 percent of company leaders plan to allow employees to work remotely at least some of the time. With a new, hybrid way of working come some potential security issues. Professor Kevin Curran, senior IEEE member and professor of cybersecurity at Ulster University, highlights a few ways organisations can stay safe:
“As companies begin to navigate the ‘new normal’ as a result of the pandemic, cybersecurity training for staff is important, as people are often the weakest link in security. As such, it is important to ensure all employees are well trained on aspects such as cyber security best practice, including phishing and data sharing practices, keeping software updated, unique strong passwords and enabling two-factor authentication. The first line of defence for organisations to stop some attacks is to simply educate employees about the dangers of clicking on links; however, only a fraction will listen and learn. There has recently been a new movement where security teams send phishing emails containing fake malware to their employees which, when activated, simply leads them to a site telling them about their mistake and educating them on the dangers of what they did. Education is crucial.
“The rapid move towards remote working is an obvious risk. Some organisations will have built policies and procedures over many years which protect staff and the organisation’s infrastructure. However, unless a significant percentage of employees had previous access to proper remote access technologies, there is a real risk of them making bad choices.
“Virtual private networks (VPNs) should be used to secure data between remote workers and core systems. In the ideal world, organisations would have a zero trust network system deployed. However, this can be difficult to implement in response to Coronavirus, as it should ideally be rolled out in a phased manner which entails pilot projects and tweaks in a safe environment before deployment. Saying that, if an organisation has not yet embraced the concepts of privileged access and least privilege, or still uses shared accounts for access, then zero trust is probably not going to work. Organisations should also make sure that employees have up-to-date security protection on any devices, such as virus checkers, firewalls and device encryption.”