When the pandemic hit the world, organizations were scrambling to get their employees prepared for working remotely. That created a major headache for IT teams as well as Chief Information Security Officers (CISO). The sudden change left security on the backburner as companies prioritized business operations to stay afloat. Of course, it's important to drive revenue and keep customers happy, however, letting security fall through the cracks can easily mean the end for any company.
Cybersecurity vendor Netwrix held a survey in June after about three months of remote work to see how the pandemic and the work from home (WFH) shift had affected the IT risk landscape. The common trend through all the attack vectors that companies reported experiencing seems to involve an employee doing something they weren't supposed to. These actions include phishing at 48%, administrator mistakes at 27%, and improper data sharing from employees at 26%.
The survey also shows that every fourth organization feels that they are more exposed to risks than they were before the pandemic took the world by storm. Of those, 63% reported seeing an increase in cyberattacks, and 60% found new security gaps resulting from the transition to remote work. One of the most alarming statistics found in the survey was - you guessed it - that 85% of CISOs admit to sacrificing security to ease the transition to remote work.
Tips for protecting your employees:
- Email security:
- Provide training for your employees so they are better able to recognize a phishing email. Phishing is and will continue to be one of the most effective methods for attackers to gain access to information. Training is the most effective method to prevent a phishing email from becoming and incident.
- Prioritize Security:
- Make cybersecurity a priority. While maintaining business operations is the most critical, cybersecurity should be one of your top priorities. Cybersecurity is difficult to prioritize but it is more effective to be proactive than to lose critical time and resources waiting for network or critical service to recover from an incident.
- Implement Data Rights Management (DRM):
- DRM has always been a critical piece of cybersecurity, and has always been a bit elusive, but the new world of remote work has made DRM a more important aspect of your cybersecurity program. By implementing DRM, you can control the access to data inside and outside the network from being printed, edited, or even saved to a USB device.
- Awareness:
- Provide a communication method to ensure employees are aware that attacks are on the rise. Social engineering is a primary means of transporting malicious software and gathering credentials. Ensuring your employees are aware is the most effective way to defend against social engineering attacks.