Thinc insights
SMEs have had to adapt to remote working, but is their cyber security ready for this change?
Despite the suddenness of the change, most businesses managed to adapt successfully, and employees happily accepted the new norm of having a home office. But just as people have begun to settle into this new way of life, many businesses are expressing growing concerns around cyber security and issues with remote access to their data.
With a large percentage of staff working remotely to retain a level of productivity, businesses now have an established ‘distributed workforce’. This offer employees many benefits in terms of work/life balance and flexibility but it also means that there is a wider attack surface for their business network – and a greater risk of attack from cyber criminals.
The question now is how can you reduce that level of risk? More specifically, how can you do so without major downtime or a complete redesign of the IT infrastructure, which will affect productivity to level that is not viable?
The vast majority of businesses have historically operated from a single fixed location. That was still true at the start of 2020, before the global pandemic hit. Even then, it was tough to keep up with cyber security recommendations for users that need secure access to business IT systems.
That challenge has seemingly been amplified by the acceptance that the distributed workforce is here to stay – and could even become the standard way of working in the future. It’s not just employees and business owners that have had to adapt. Best practice cyber security measures also need to evolve in response to an increased threat level from cyber-attacks.
For small and medium sized businesses, adapting to a distributed workforce has various knock-on effects. Employees may need to work from home, the office, or another location at short notice. We’ve seen many SMEs (with mixed levels of success and efficiency) quickly scramble to make ‘connected’ home working viable and possible for their office-based workers.
With 2020 well behind us, most businesses have now adapted and made connected home working possible. By and large, that has provided a welcome reduction in the usual business expenses linked to a city centre office. However, many have done so without undertaking any sort of threat analysis for cyber-attacks.
It’s well known that most recorded cyber-attacks target system endpoints (laptops, PCs and mobile devices) as well as users (through emails and social media accounts). When working from home, it’s easy to be more relaxed about security, which makes cyber attacks more likely to succeed and can result in costly business disruptions.
When it comes to cybersecurity for a distributed workforce, it’s important to recognize that employees’ behaviour regarding their devices and online activity has changed. Staff members are expected to be more flexible, often balancing work with other responsibilities like home-schooling.
This brings additional users onto connected endpoint devices, which increases the levels of risk. That often results in blurred lines between the use of a company laptop for work and non-work purposes.
It’s also common for people to use multiple devices on the same network for work, school, and personal needs, so it’s crucial to use a VPN with two-factor authentication when connecting to the business network.
Finally, there’s a risk that the more relaxed approach to viewing website content and email attachments that you may have for non-work devices will transfer to the approach for work devices. Without the right protection, this could result in malware or viruses on work laptops, leading to costly downtime. That’s why it’s so important to have endpoint baseline protection, effectively acting as an insurance policy.
For many businesses, the biggest concern is that they may not even know if their network is infected with malware or ransomware. Additionally, many are not equipped to protect themselves against new targeted threats.
The first step should be to undertake a known vulnerability assessment, which involves every device on the network with an IP address. This type of assessment makes comparisons for known malware and ransomware as part of an internal review, in addition to checking for any external network vulnerabilities.
To find out more about what is involved with a Thinc known vulnerability assessment for your business, simply contact our team and speak to our advisors today.
Related Topics
Get in touch
Enter your details into the contact form below, and one of our experts will be in touch to arrange a time to speak.
If you’re an existing customer looking for support, please e-mail servicedesk@wearethinc.com, or visit our support page where you can download our remote support apps.