We are currently living during the zenith of the digital age. Society has grown increasingly reliant on technology to provide it with ease of communication, organisation, and entertainment. However, as remote working practices have magnified our reliance on technology, this has inevitably come with its own challenges.
With staff members operating from home without adequate security training, companies are at greater risk of malicious cyber-attacks. What are the threats posed by underdeveloped cybersecurity, and what can businesses do to combat them?
Lockdowns have meant that 1 in 3 people are working from home. People are using personal computers to log into the office and access swathes of unprotected data, which presents the perfect opportunity for hackers. Workers are being tricked into downloading viruses and malware, and some may not even be aware of how to spot a phishing email.
A recent survey by Hayes Connor Solicitors found that 1 in 5 people have had no cybersecurity training, and only 1 in 9 businesses (11%) have provided this training to non-cyber employees. These alarming statistics have been exposed by the sudden shift to remote working.
Larger corporations such as Microsoft have also recently become the recipients of mass cyber-attacks; employees began to notice that their Exchange servers were being hacked on 6th January 2021, when much of the world was absorbed in the U.S Capital riots.
Hacking groups were finding loopholes in the security system and exploiting these to siphon email communications, and Microsoft released emergency security updates at the beginning of March to combat security flaws within these servers.
Police departments, hospitals, and school districts were among those impacted, and it is estimated that the cost of the cleanup will be colossal. There is no doubt that large companies like Microsoft will need to invest more in securing their non-cloud based products in the future.
Due to the haste with which companies were required to transfer to remote working, companies do not have the correct security practices in place to protect their information. A solution would be to have a training programme in place for every worker, to increase their awareness in areas such as data protection.
Companies should first make it clearer how their employees can contact their internal IT department for advice. They should also not allow their staff to use personal computers, because information discussed over video conferences can oftentimes be confidential and therefore present a security risk.
This risk can be diminished through end to end encryption, and the protection of confidential conference calls with a password only accessible to those participating.
On a more local level, people working from home can download a VPN (a virtual private network) which allows them to encrypt internet traffic and access data which would only be accessible on the company’s network. This is simple enough for an individual to complete and will likely not require assistance from an IT department.
Password security is also key – employees should ensure that they have strong passwords and do not use the same one for all of their accounts.
One cannot discuss cybersecurity threats without mentioning the challenge posed by Deepfakes, an AI-based technology that has recently spiked in popularity.
This software allows hackers to forge images and videos to make them seem authentic, enabling them to manipulate the average employee to gain access to confidential data.
This is damaging for businesses as it could lead to major financial losses and it presents another platform for misinformation to be spread.
This issue has already been well established. For example, in 2019, the CEO of a UK-based energy company was scammed out of €220,000 as he believed that he was on the phone with his boss, when truly he was subjected to an impersonation by a Hungarian supplier who utilised audio samples.
This is the first instance of a major deepfake scam on a large scale, but it certainly demonstrates the challenges posed to businesses as the software continues to grow.
The threat presented by deepfakes can be combatted by ensuring that there is a contingency plan in place within the IT department if companies ever become the victim of deepfake scams.
The pandemic has arguably helped to illuminate the issue of cybersecurity, and has made it clear that businesses should be taking further action to lower the risk of online attacks.
With many companies considering the incorporation of remote working into their practices in the long term, it is vital that they begin laying the foundations for a well-guarded information system now rather than later.
It is reassuring to see that many businesses are beginning to use their initiative and are taking the extra step to avoid potential data breaches.