Cybersecurity in the "Work from Home" scenario
The home office, remote working, working from home - these terms are all too familiar now for most of us. Working outside of the office environment is now not just something freelancers and gig workers or consultants do. So, what do we need to keep top of mind while we're in the process of creating a secure home office?
Cybersecurity challenges in 2021 and how to address them
During the course of 2020 and now into 2021, attitudes towards working from home have dramatically shifted the world over. The rise of the remote worker at such scale has shifted so much that it's triggered a change from the standard "corporate perimeter concept" (i.e. perimeter security) to a need for "micro-office security certification" (i.e. creating more secure hybrid environments). That, in itself, is but one of the hurdles and challenges IT and security teams are currently working to solve.
Outsourcing of IT and cybersecurity functions may thus be crucial to solve expertise shortages and save budgets. "To coordinate managed service providers along with using multiple cloud services, cloud security and management skills will become a 'must have'. According to a new Kaspersky report entitled "Plugging the gaps: 2021 corporate IT security predictions"1, these and other cybersecurity challenges and trends will be among those that businesses will have to manage this year," says Charl Ueckermann, CEO of AVeS Cyber Security.
"A shift to remote work, financial constraints due to economic recession and the growth of cyber threats due to the global pandemic is already affecting the day-to-day role of cybersecurity professionals in 2021. Understanding the challenges but also perceiving opportunities in IT and IT security management is key for companies to maintain an adequate level of data protection," he adds.
4 Cybersecurity trends to watch
The recent Kaspersky report entitled: "Plugging the gaps: 2021 corporate IT security predictions" suggests advice for each role related to cybersecurity within an organisation; including that of CEOs or business owners, CISOs (Chief Information Security Officers), SOC (Security Operation Centre) team leads and IT managers.
Here are some of the main trends to monitor:
- Protecting the perimeter is no longer enough - home office assessment and protection will be needed.
There should be tools to scan the security level in a workplace - from the presence of software vulnerabilities to connecting to an unreliable or unprotected Wi-Fi hotspot. It will also require:
- wider adoption of VPN (Virtual Private Network)
- privileged access management
- multifactor authentication systems
- the implementation of more proactive cybersecurity monitoring, and
- the updating of existing contingency and emergency plans.
- Transition to a service model that will better enable the necessary IT and IT security levels with lower investments.
According to Kaspersky's survey1, seven-in-10 (72%) of businesses in the META region (i.e., Middle East, Turkey and Africa), said they already plan to use a managed services provider (MSP) or managed security services provider (MSSP) in the next 12-months.
"This is for good reason as the service model helps to minimise capital investments and transition business costs from CapEx to OpEx," says Ueckermann.
- Training for internal IT security specialists should incorporate management skills.
Cybersecurity professions split into very narrow specialisations. As a result, hiring staff for each specific role may become too great an expense for some organisations and companies. For smaller businesses, in particular, this may be too expensive. Professional development is something to consider as market demand for specialised professionals continues to outgrow the supply of specialist skills. For larger enterprises or corporations, it has become unprofitable to insource and develop large groups of specialist teams.
"This is where outsourcing can help to plug the gap," he adds to this point. "However, businesses that outsource key cybersecurity components still need to focus on developing management skills for their in-house teams to handle those outsourced functions."
- There will be an increased reliance on cloud services, making dedicated management and protection measures necessary.
The survey1 showed that in 2020, employees in 91% of enterprises and 95% of SMBs in the META region used non-corporate software and cloud services such as social networks, messengers or other applications. For the foreseeable future, this is unlikely to change when staff return to the office.
"To ensure that any corporate data is kept under control, better visibility over cloud access will be necessary. IT security managers will need to align themselves with this cloud paradigm and develop skills for cloud management and protection," says Ueckermann.
How to stay safe when working from home
Before the global outbreak of COVID-19 swung us all into a new way to live and work, the level of cyber threats was already affecting businesses at an incredible rate. The dramatic shift in employees' need to now work-from-anywhere has also multiplied the number of remote networks requiring intensified protection. The home office is now very much a part of any organisation's physical premises - and it's a vulnerable space.
Strengthened proactive actions are all the more necessary and can only be sufficiently structured when organisations can understand how specific threats are being deployed. Key responsible employees need to fully understand where such threats originate from to equip a business's remote-working employees with the most effective security solutions and policies. It has become imperative to have an airtight cybersecurity plan - gauging from the Kaspersky report1, it's ever more important as we live and work through 2021.
Along with the introduction of new and improved cybersecurity practices, the quality of tools that enable these changes will be equally important. Quality of protection and seamless manageability are critical when choosing cybersecurity solutions.
Discovery Business Insurance is perfectly primed to offer holistic business risk protection and includes a cybersecurity offering relevant to today's challenges. In partnership with AVeS Cyber Security, Discovery Business Insurance offers your organisation the most pertinent and knowledgeable base of security specialists to help you withstand any form of cybercrime.
Watch this short video for a full overview of the Discovery Business Insurance offering:
References:
- AO Kaspersky Lab, 2021. "Plugging the gaps: 2021 corporate IT security predictions". Retrieved from https://www.kaspersky.com/blog/it-security-economics-2020-part-3/
- Google blocked 100 million phishing attack emails every day, in April 2020. 18 million of those blocked emails were scam emails related to the coronavirus pandemic. https://www.bbc.com/news/technology-52319093
Get innovative business cover, including cover for the risks of today
Discovery Business Insurance, in partnership with specialist companies, give you cover and services to manage the evolving and modern risks your business faces, including cyber risks, reputational risks and legal risks. Our cyber insurance cover provides a holistic approach in helping you to both understand and mitigate the cyber-risks of your business. As part of our partnership with AVeS Cyber Security, you get access to protection packages at discounted rates to know and address the risks and to protect your business from the effects of a cyber-attack. Get more information here.
Related articles
The importance of cyber security and insurance for businesses
Having adequate cyber security and cyber insurance is more important than ever before. This year's National Cyber Security Awareness Month (NCSAM) theme is a call to "Do your part. #BeCyberSmart." Find out how a holistic approach to cyber security is the way to go.
No business is too small for a cyber-attack - don't be laid back
No business is too small to take cybercrime seriously. As businesses become more reliant on technology, the more doors open to cyber threats. Do you know them?
Costs are staggering - will your business survive when cyber-criminals strike?
The internet has given businesses new ways to grow and reach customers. Computers and digital innovations have also opened new doors for criminals to target businesses. Don't become a statistic of the rising cybercrime tide.