The modern workplace is an ever changing environment, and due to COVID-19 many companies have moved to remote working and are considering this as becoming a permanent move going forwards. But what impact does this have on your data security?
The growth of a remote workforce has led to an increase in the risks surrounding securing personal devices, poorly secured home Wi-Fi and weak passwords. The impact of the pandemic has made many businesses switch to the cloud, meaning outsourcing and trusting a vendor to keep your data safe. With the move to remote working many employees are using cloud-based platforms such as Office 365 and Zoom to meet their communication needs.
The Cloud Industry Forum found that the Covid-19 pandemic has forced the large majority of organisations (83%) to change their IT strategy in some way. They also found that 88% of organisations expect their adoption of cloud services to increase over the next 12 months.
Cloud and multi-vendor
Adam Kujawa, a director of Malwarebytes Labs, explains the importance of optimising your digital security. “Organizations that adopted cloud-based data storage likely increased their security if they were previously only using an on-prem data storage solution. By using cloud providers, you increase the secure access of data by trusted users as well as provide additional layers of encryption and/or authentication.
“The biggest concern about hosting data in the cloud is someone having access to that data, that isn’t supposed to have access. So finding a provider that really goes the distance with authentication and encryption is a good bet.”
Working from home can pose cybersecurity risks and with people sharing information back and forth, data protection is more important than ever. If a company’s data is compromised, they will be the ones having to answer to their customers, therefore just because you are using cloud computing you cannot let your guard down.
Choosing whether a single vendor or a multi-vendor approach for your business is correct can depend on different factors such as the size of your company, budget and resources. Relying on one vendor to protect your business from all angles does have some benefits such as only having to deal with one contact, but this single vendor may not be the industry lead in all the products it is using to protect your business. A multi-layered approach that includes different product categories will provide the best protection. The more layers, the higher chance of maintaining a strong security defence.
Kujawa added: “Data security and data accessibility go hand in hand, if your security makes it difficult to achieve accessibility of the data, users may try to find ways to subvert security for the sake of convenience, for example downloading confidential and important files to a personal device for offline access, or using personal e-mail or communication tools for internal comms that you would normally do with secured accounts.”
Should businesses be taking extra precautions?
In a survey carried out by Barracuda they found that “almost half (46%) of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown.” The research conducted includes answers from over 1,000 businesses in the UK, US, France and Germany.
Protecting work devices that are no longer connected to a secure company network is important. David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT) said: “It’s important that all businesses pre-install staff computers and devices with security software to ensure they are protected at all times, to minimise the risk of attack. Staff should also know how to install or check the status of antivirus software while working on personal, or company devices from home, to secure corporate information and networks.”
Research conducted by Kaspersky shows that nearly a quarter (23%) of desktops and 17% of laptops supplied by UK employers lack security software – leaving those devices (and therefore the business) potentially vulnerable to cyberthreats.
We spoke to Tim Brooks, Operations Director at Botprobe, about whether businesses should be taking extra precautions in regard to data whilst remote working. “Absolutely. The expectation of a level of protection from the office network firewall is missing; in fact, it has to be explicitly breached to allow remote working. There is still a need for antivirus, patching, browser security. etc. that can be straightforwardly maintained on the remote work computer, but that co-existence with a plethora of unknown, unmanaged, devices on the home network provides a wealth of opportunities for the hacker to quietly and systematically look for entry points, copy and analyse data streams, etc.”
There is always an element of risk with cloud computing and trusting someone else with your data. Cloud storage is often ideal for companies as it provides the reassurance that important documents and data will not be lost if someone’s hard drive breaks, and the cloud is also accessible from anywhere that has an internet connection. Cloud providers invest heavily in their security systems and most have multiple layers of protection, such as encryption and multifactor authentication.
With the expectation that remote working is here to stay, for many businesses it is even more imperative to reinforce security awareness. Protecting data is important for everyone, whether that be staff or customers, therefore businesses should be putting the provisions in place to ensure data cannot be misused or misdirected whilst at home.
There are certain steps businesses can take to ensure data will be protected such as making sure security software, such as firewalls and antivirus software, are up to date, setting secure passwords and ensuring all internet connections are secure. In considering how secure your data is and the different options available to businesses, the one element that must not be forgotten or neglected is the human element and therefore it is imperative for businesses to ensure that they educate and train their staff to follow the correct procedures which is key to certifying that all data they have access to is handled and stored safely.