The coronavirus pandemic made the importance of adaptability clear.
Companies that introduced flexible business practices and remote working programmes had more success in keeping business running than those with workforces bound to specific times and places.
However, flexibility often comes at the expense of security. With workers now spread out and relying on ad hoc digital solutions, cybersecurity standards have understandably loosened, creating new opportunities for cyberattacks.
How then do companies balance staying connected and maintaining standards against keeping operations and data safe?
DIGIT spoke with Softworx Founder and Group Managing Director Alan Smillie about how companies can maintain robust security standards in an age of remote working.
When lockdown began, companies found themselves having to accelerate digital programmes. What should have taken months and years suddenly had to be done in days and weeks. Workers often relied on their own mobile phones, computers, and internet connections. Some may still be using them.
This saw the rapid rise of online and cloud-based services, with big winners such as Zoom and Teams becoming household names almost overnight. Microsoft’s Office 365, Google’s G Suite and others also helped workers stay connected and recreate some of the collaborations that happen in an office.
“A lot of people are asking how you get the same productivity, visibility, and security you would if you were in the office,” Smillie said. “Now people are looking at what flexibility can we put into our infrastructure.”
While most companies have proven that they can add flexibility to their operations in short order, the increased reliance on digital solutions in a distributed workforce means security is playing catch up.
“Security is vital in anything relating to digital or data,” Smillie said. “And I think that people have probably had some exposure in their business practices because they had to act quickly.”
Though corporate environments generally have firm security measures in place, such as firewalls and regular data backups, these same standards are not applied to most people’s home systems.
“The dispersed nature of work just now means that the overall security is harder to manage. It’s achievable with appropriate planning solutions, but it’s a lot more difficult than it once was because people are working from home and not within a corporate environment,” he added.
This means that remote workers are operating beyond the confines of a corporate firewall, secure wi-fi, or even simple and immediate feedback and advice from colleagues. It also means that it is harder to enforce cybersecurity policies.
Even worse, all it takes for cybercriminals to access a corporate network is one unsecured port. A single phishing email opened from an unsecured home computer could give hackers access to a company’s data, opening the company up to a serious ransomware attack.
Preparing for the Worst
At a minimum, companies should ensure they have adequate backups to maintain business continuity in case of disruption.
“Most people in the data backup world use a 3-2-1 analogy – you have three copies, with no more than two in one location, and one of them has to be effectively air-gapped. That means if you have two on-site, the third one has to be on a cloud or in a separate location with no connection with the others,” Smillie said.
Ransomware attacks have evolved in recent years. Backups were once enough to deal with an encryption attack – a company could simply replace the encrypted data to ensure business continuity.
However, savvy ransomware attackers are on the lookout for backups to encrypt, meaning isolating stored data is essential.
But perhaps the most significant development is the risk of hackers copying and selling the encrypted data. Backups cannot protect against the reputational damage and potential GDPR fine involved in such a breach.
It is the continued development and increasing sophistication of cyberattacks that has led to a new philosophy – that bad actors will always find a way into a network, and the best response is dealing with them once they are in.
“The trend within cyber security is NDR – Network Detection and Response,” Smillie explained. “That means having a tool in place so that once someone gets in a network, the bad actor can be identified, quarantined and stopped from doing any damage.”
NDR identifies typical employee behaviour on a network, such as frequently accessed folders and drives. When a user acts suspiciously, the system spots the behaviour and either alerts the security supervisor or, for more advanced systems, acts autonomously.
“With machine learning and AI, this becomes an automated process, where it simply identifies anomalous behaviour,” he added.
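The baseline-then-flag idea described above can be sketched in a few lines. This is an added example, not code from the article or from any NDR product; it uses simple per-user statistics in place of machine learning, and the user names, share paths, events and thresholds are all constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, hour_bucket, share). Not real log data.
BASELINE = (
    [("alice", h, "//fs1/finance") for h in range(8) for _ in range(5 + h % 2)]
    + [("alice", h, "//fs1/hr-forms") for h in range(0, 8, 4)]
    + [("bob", h, "//fs1/engineering") for h in range(8) for _ in range(10)]
)
LIVE = (
    [("alice", 100, "//fs1/finance")] * 6          # ordinary hour for alice
    + [("bob", 100, "//fs1/engineering")] * 9      # ordinary hour for bob
    + [("bob", 101, s) for s in ("//fs1/finance", "//fs1/hr-forms", "//fs1/legal")] * 40
)

def build_profiles(events):
    """Per user: shares seen in the baseline and accesses-per-hour statistics."""
    shares, hourly = defaultdict(set), defaultdict(Counter)
    for user, hour, share in events:
        shares[user].add(share)
        hourly[user][hour] += 1
    return {
        u: {"shares": shares[u],
            "mean": mean(hourly[u].values()),
            "std": pstdev(hourly[u].values())}
        for u in shares
    }

def detect(profiles, events, z_limit=3.0, new_share_limit=2):
    """Return alerts for (user, hour) windows that deviate from the baseline."""
    windows = defaultdict(list)
    for user, hour, share in events:
        windows[(user, hour)].append(share)
    alerts = []
    for (user, hour), accessed in sorted(windows.items()):
        p = profiles.get(user)
        if p is None:                      # account with no baseline at all
            alerts.append((user, hour, ["unknown-user"]))
            continue
        reasons = []
        new = set(accessed) - p["shares"]  # shares this user never touched before
        if len(new) >= new_share_limit:
            reasons.append(f"new-shares:{len(new)}")
        # Floor std at 1.0 so a perfectly regular user does not alert on +1 access.
        if (len(accessed) - p["mean"]) / max(p["std"], 1.0) > z_limit:
            reasons.append("volume-spike")
        if reasons:
            alerts.append((user, hour, reasons))
    return alerts

ALERTS = detect(build_profiles(BASELINE), LIVE)
```

Only bob's second window is flagged: it touches three shares outside his baseline at roughly twelve times his usual hourly volume, while both ordinary windows pass.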
As cyberattacks become more sophisticated, so too do the tools needed to combat them. The days of having a single person responsible for dealing with cybersecurity issues are ending. Individuals lack the capacity to react to the scale and frequency of attacks.
“It’s a volume issue – AI and machine learning can almost check a device effectively in real-time, so that you may have vulnerabilities for seconds or minutes. Whereas if a person gets an alert in a Security Operations Centre, they may not catch it immediately, or only get through 49 out of 50 alerts and when they get to the 50th the malicious code has done a lot of damage.
“So, because of scale, AI and machine learning is absolutely a huge part of the cyber world. The bad guys are now using digital technology, and to simply have human intervention is really not scalable now.”
While cybersecurity threats have developed, robust measures and policies are still a powerful tool to make opportunistic attacks more difficult. Even with remote workers, businesses have several tools at their disposal.
“On a corporate device, you can force every piece of activity through a secure channel, whether that’s a cloud-based firewall or a VPN, back to the corporate firewall,” Smillie said.
“There are more challenges around home devices because their computer may be used by other people, and they may accidentally download malicious code, which could get back into the corporate network.”
However, cybercriminals are becoming smarter and for every technique that is created to fight them, they find a creative workaround.
“It used to be that the clever thing to do is if you’ve got something that looks suspicious, you can go to an email address – if you click on the email address you’ll see who sent it and if it came from a corporate email address.
“The challenge that you have now is that some of those files are actually an executable file. Someone may innocently click on that link to check if it’s legitimate, and accidentally activate an executable file.”
However, all digital security systems and protocols will only work if people follow them. With people working unsupervised remotely, it is easy for them to fall into bad habits, creating opportunities for cyberattacks.
As such, creating good cybersecurity habits amongst employees and making sure they are adhered to is the first line of defence, even when remote working. This is key to ensuring that operations are secure without sacrificing connectivity.
“I think the flexibility of having those collaboration tools is very relevant. If we have that disjointed work environment, how can we make sure that the policies and procedures in place to protect sensitive data will be secure?”