Depending on where you are in the world, it is now approximately one year since the COVID-19 pandemic meant that many employees had to start working from home suddenly. This caused many issues. Luckier people had a home office or spare room to work from, while others had to make do with the kitchen table or the sofa.
Those with children had to juggle homeschooling, sharing 'desk' space and wi-fi, while everyone had to adjust to a highly stressful, anxious and unfolding situation. There was also a significant impact on cybersecurity, with new threats emerging and in-house IT teams scrambling to secure home workers in quick time.
Without tempting fate, it feels as if we have turned the corner with the pandemic, and we are approaching a time when people will start returning to the workplace. Yet with many organizations now embracing a “remote-first” model, where employees will work at home either all or some of the time, what will a permanently distributed workforce mean for cybersecurity?
Battling a Varied and Growing Threat
As with many elements of life, COVID-19 served to accelerate trends that were already taking place. This certainly applies to the volume of threats facing cybersecurity teams. In late 2020, Fortra research with CISOs of global financial organizations revealed that 45% of respondents reported an increase in cyber-attacks since the pandemic first emerged.
Social engineering lures are a good example. These are fake but realistic emails sent to employees about current events which try to get them to click a link. They were already commonplace and a relatively straightforward tactic for cybercriminals, who lock on to topical stories in the news and attempt to gain access to sensitive information or release viruses onto the network. When COVID-19 first emerged, criminals played on people’s fears and anxiety about the pandemic with emails about PPE and fundraising appeals for COVID-19 victims.
It was harder for cybersecurity teams to keep a watchful eye on such activity with employees working from home. This is where advanced email security solutions can play an important role. These detect phishing emails and remove threats from messages, documents and other files and disable any URLs before they even enter the network, a process known as content sanitization.
Increased File Sharing
Digital collaboration between internal and external teams has become much more common in business generally over the past decade, especially with the widespread adoption of applications such as DropBox and OneDrive. Yet they are not without risk in terms of cybersecurity. With employees spread out in disparate locations during the pandemic, the increased need to share files upped the cybersecurity risk even more.
Almost half the CISOs in the Fortra's research admitted that they had already increased their investment in secure collaboration tools. Managed File Transfer (MFT) solutions are a principal area of investment and have assumed a new importance as a technology that allows the safe transfer of files, both inside and outside an organization.
Fortra's GoAnywhere MFT uses encryption and authentication to keep enterprises safe when sharing files and can also be deployed in harness with Clearswift’s Secure ICAP Gateway. This adds an additional layer of content inspection and automatic sanitization to the data being transferred providing even greater protection for employees, whether in the office or working from home. Crucially, it does so without interrupting the information flow and file sharing that is such an intrinsic part of modern business.
The Need for Cybersecurity Agility
What is clear is that we will not return to the same working patterns that we did before the pandemic took hold. Some people may crave a return to the office, and others have enjoyed the work/life balance improvements that can come from working at home, so the future of work will likely combine the two.
More than ever, cybersecurity teams need to be agile to changing requirements and situations. In terms of technology, this means providing the best software tools to enable your remote workforce to collaborate securely. But just giving employees the right tools is not enough. Cybersecurity teams need to instil the processes and training that are just as important as the technology in keeping an organization secure and compliant. Doing this ensures that when people work from home, they don’t cut corners and are as switched on and aware of potential threats as they would be in the office.