As more people work from home, the rate of cyber attacks is increasing exponentially. Since 10 March 2020, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has received approximately two calls per day from individuals, businesses and government departments about various COVID-19 themed scams, online frauds and phishing campaigns that have cost Australians money or access to their personal information.
Many of these scams target employees working from home, with cyber criminals claiming to be from IT or telecommunications companies, banks, government departments, or even the management team of the employee’s own organisation.
Cyber criminals have the most to gain from access to intellectual property, which results in significant financial and reputational losses for organisations. The costs can include employee downtime, direct costs of remediating a breach, and far-reaching reputational impacts that damage customer and investor confidence.
There are three key things organisations can do now to protect their intellectual property and reduce the risk of cyber attacks:
1. Develop a strong cyber-security culture
Even though most employees are working in isolation, it’s not too late to develop a strong cyber-security culture. People are an organisation’s best defence, and its greatest point of failure, when it comes to protecting intellectual property. Everyone must take responsibility for online security, particularly the leadership team, given that organisational culture permeates from the top down. As part of this commitment, all workers should have up-to-date cyber-security training, and the business must have best-practice processes in place to protect the organisation’s information.
2. Identify and mitigate security exposures in the home office environment
Most organisations were not prepared for the rapid transition to a broad-scale work-from-home environment, so many weren’t able to provide employees with company-owned devices. This means workers are using their own laptops, smartphones and tablets, as well as home wi-fi, to access company systems and information. These consumer devices don’t carry the same levels of protection as corporate devices, and they don’t give the organisation the same control over what people can download onto them. Additionally, everyday items in the home are increasingly connected through the Internet of Things (IoT), which can give cyber criminals an opportunity to access company networks through employees’ home-based devices and launch ransomware attacks on organisations.
An IT audit is recommended to determine which devices employees are using to access corporate data. The audit should include information about apps, such as online video conferencing, that employees are using. It should also include any IoT devices that employees have in the home.
3. Use authentication and secure cloud services to manage information
Cloud security is vital to organisations that are increasingly exposed to vulnerabilities across cloud, IoT and mobile devices operated by their employees. As operational technology converges, IT security becomes more challenging. Only 10 percent of respondents surveyed in a Fortinet and Forrester study reported they had never experienced an operational technology threat. In contrast, 58 percent of organisations had an online breach in the past 12 months.
By maintaining secure connections to applications and data on the cloud, companies are better able to monitor and control information across all corporate and personal devices, while ensuring governance and compliance. Using secure, shared organisational applications also reduces the risk of information being lost or compromised on personal laptop or desktop devices.
To protect the confidentiality of information, and ultimately the integrity of the organisation’s intellectual property, appropriate encryption and authentication processes must be in place and communicated to employees. Access to business systems should be granted only to authorised users, via multi-factor authentication.
As part of the organisational approach to cyber security, firewall security should be calibrated to align with the new work environment.