• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

remote working

Global study shines security spotlight on hybrid working

960 640 Stuart O'Brien

96% of business leaders and 93% of employees agree that it is important for their company to have a system in place that logs and tracks visitors who enter and exit the building when employees work in the office.

That’s according to a new study Securing the New Hybrid Workplace, undertaken by Entrust, to gauge the mood within business as a rise in variants spurs new uncertainties around the COVID-19 pandemic, with many developing a long-term plan and work model, whether in-person, remote or hybrid, that meets the needs of employees and the business.

Entrust surveyed 1,500 business leaders and 1,500 general employees from 10 countries to better understand how workers from the manager level to the C-suite are preparing for a new hybrid workplace. Key findings include:

  • Hybrid is here to stay, but security concerns are high: The overwhelming majority of respondent companies are moving to a long-term hybrid workplace approach. In fact, 80% of leaders and 75% of employees said their company is currently using a hybrid model or is fully remote and considering a hybrid work model. But, 54% of employees reported up to six instances of lost productivity due to network access issues and leaders cite home internet security (21%) and leakage of sensitive company data (20%) among their top security challenges.
  • Visitor management is an in-office priority: Having a detailed record of who has been in and out of a company’s office is a larger priority in 2021. 96% of business leaders and 93% of employees agree that it is important for their company to have a system in place that logs and tracks visitors who enter and exit the building when employees work in the office.
  • Home office data security presents new challenges: Businesses need to change their data security approach now that employees are more decentralized than ever before. However, while data security is a priority for leaders with 81% saying their company has offered employees training on it, only 61% of employees said their company offers this training, indicating a communication gap.

Anudeep Parhar, Chief Information Officer at Entrust, said: “With the uncertainties of the last year and a half, many organisations are well-adapted to remote work. With leaders planning the future state of their workplace models, we wanted to ask how they are adapting security and identity for the hybrid workplace: how are leaders and employees prepared to protect data and sensitive information? How will office security evolve? Will adapting to hybrid workplaces multiply vulnerabilities… or will enterprises choose smart security strategies to enable employees wherever they work?

“With the study overwhelmingly indicating the desire of 91% of employees to work in a hybrid model moving forward, this data study provides businesses insight about how to democratise work from anywhere and incorporate security practices into their hybrid approach by working with companies like Entrust to implement solutions such as password-less and biometric authentication, mobile identity verification and more.”

The report says there is no question employers are leaning into a clear desire among employees for hybrid work options, with 68% saying they are considering hiring talent that resides in geographically diverse locations. For employers following this trend and hiring employees in a new, hybrid environment, there are several ways to improve and secure the onboarding process.

The study found business leaders are improving training methods (53%), rolling out new or improved collaboration tools (47%) and implementing mobile ID issuance for remote employees. Furthermore, leaders are taking steps to maintain internal security as they incorporate a hybrid model, with 51% rolling out one-time password technology, 40% utilizing biometric authentication and 36% using mobile identity verification, citing the desire to stay ahead of hackers and protect their internal data.

As companies start bringing workers back to the office, the ongoing pandemic raises the stakes of physical security to include health, safety and infosecurity. For example, companies must consider best practices when they begin to open their doors to visitors outside their internal workforce once more. Entrust found support for organizational visitor management is overwhelming, with 96% of business leaders and 93% of employees agreeing that it is important for their company to have a system in place that logs and tracks visitors who enter and exit the building when employees work in the office.

With this in mind, companies will begin paying more attention to who’s going in and out of the office building. Reasons for this enhanced scrutiny of visitors is primarily due to caution surrounding COVID-19, with 83% of leaders and 84% of employees citing the risk of spreading COVID-19 as the top reason it is important to have a system in place that manages and tracks guests. Other reasons included protecting confidential information (65% of leaders and 55% of employees) and avoiding physical harm to employees (61% of leaders and 62% of employees).

Business leaders also agree that it is imperative to consider the intersection of data security and work from home standards. Fortunately, it appears that the introduction of hybrid work has resulted in a step in the right direction for workplace data protection. In fact, while 81% of leaders said their company has offered employees training on data security, the overwhelming majority (86%) said it was offered as a result of the COVID-19 pandemic, indicating a trend towards enhanced data security.

Unfortunately, while leaders are offering this training, only 61% of employees said their company offers this training, indicating a communication gap between leadership and their employees. By communicating these trainings to employees, leaders can help reduce the risk of security threats including phishing and ransomware attacks.

Naturally, while the Securing the New Hybrid Workplace data study takes a holistic look at the top trends of hybrid work, some individual countries presented data that is particularly intriguing. Some top findings of key international trends and takeaways include:

  • 65% of employers in Japan say they have offered data security training for the hybrid work model, but only 36% of employees agree, indicating a potential gap in communication or training execution.
  • Businesses in Saudi Arabia (89%) and the United Arab Emirates (87%) are by far the most willing to consider hiring talent that resides anywhere in the world. Businesses in the United States and Singapore are the next most likely to hire talent anywhere in the world, both with 73% of leaders indicating they would be willing to hire global talent.
  • Businesses in Indonesia are particularly likely to implement cutting-edge security technologies into their business practices, with 75% of employers saying they have utilized one-time passwords and 69% indicating they utilize biometric authentication.
  • Of the countries surveyed, respondents from Germany indicated the lowest productivity impact due to network access or login delays with 49% reporting that they have never had an issue, and 27% reporting only 1-3 incidents. By comparison, in the United Kingdom, only 25% reported no issues, with 34% reporting 1-3 incidents.

The Key to Cybersecurity is an Educated Workforce

960 640 Guest Blog

The United Kingdom’s National Cyber Security Centre (NCSC) handled a record number of cybersecurity incidents over the last year, a 20% increase in cases handled the year before. With the increasing number and more innovative nature of cyber attacks, businesses of all sizes must prioritise cybersecurity. However, the fundamental starting point of any organisation’s security infrastructure must be a trained and aware workforce, who understand their responsibility in keeping business data safe. Oliver Paterson, Product Expert, VIPRE Security Awareness Training and Safesend, explains…

Business Size Doesn’t Matter

Whether a business is a start-up or a larger corporate organisation, all companies are at risk of a cyber-attack. We often see million-pound enterprises on the news when they suffer from a data breach, such as Estée Lauder, Microsoft and Broadvoice. But, no organisation is too small to target, including small and medium-sized businesses (SMBs), who are the target for an estimated 65,000 attempted cyber attacks every day, according to new figures. Unfortunately, these types of businesses may not have the same infrastructure and resources in place to survive such attacks, as it is found 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.

No matter the size of an organisation, the effects of a cyber attack can be devastating financially, as well as having longer-term damage to business reputation. Small businesses remain at the same level of security risks as those which are larger, for example, Volunteer Voyages, a small single-owned organisation, did not deploy the right level of security and fell victim to $14,000 in fraudulent charges using its payment information. Similarly, the entrepreneur who owns Maine Indoor Karting accidentally clicked on a malicious email pretending to be from his bank warning him of unfamiliar activity, resulting in clearing out his account. Nevertheless, SMEs can safeguard their data and themselves from these types of attacks by investing in their cybersecurity and being conscious and informed of the threats they face. 

Human Error

As the year-on-year number of cyber attacks continues to accelerate, hackers are also becoming more advanced and innovative in their tactics. They are able to spot weaknesses in workforces, particularly preying on those who are working from home as a result of the ongoing pandemic, away from their trusted IT teams. In fact, a recent survey found that 90% of companies faced an increase in cyber attacks during COVID-19.

It is no surprise that hackers use humans to their advantage, as according to data from the UK Information Commissioner’s Office (ICO), human error is the cause of 90% of cyber data breaches. Humans make mistakes – stressed, tired employees who are distracted at home will make even more mistakes. Whether it’s sending a confidential document to the wrong person or clicking on a phishing email, no organisation is immune to human error and the damaging consequences this can have on the business. 

Yet, these risks can be mitigated by educating workforces on the modern threat landscape and the existing risks. Teamed with anti-malware solutions and technology, such as VIPRE’s SafeSend, employees can be alerted to double-check their email attachments and recipients, as well as any potentially malicious incoming emails.

Cybersecurity Training 

Businesses cannot solely rely on digital tools to protect their operations, information and people. However, they cannot expect workforces to understand and identify existing threats, as well as avert them from taking place, without education. Particularly, small and micro-businesses lack the resources and knowledge to defend against an attack, with a concerning 81% of organisations not receiving any training on cybersecurity. 

Without this cognisance, workforces cannot stay ahead of the persistently evolving threat landscape. It is therefore essential that businesses choose the correct training programmes to get the most value and retention out of this learning. While deploying an annual security awareness training programme may satisfy instant requirements, it does not equate to a continuous defence strategy for ever-changing threats.

The key considerations include the length of the programme, the level of engagement, having a variety of multimedia content and ensuring it is relevant and relatable to a global audience. Adding in real-life situations and intriguing employees with diverse content, including virtual reality and phishing simulations, helps to fortify crucial cyber threat prevention messaging and educates workforces on how to protect both the business and themselves. This, in turn, strengthens the workforce security culture, ensuring employees know what to do when faced with a cyber threat.

By working with a successful vendor, such as VIPRE, that has access to the appropriate security solutions and expertise, they can help CISOs create and foster a good security culture, making security part of the vision and values of everyone in the organisation. 

A Responsible Workforce 

Once workforces are trained and educated on the existing security risks, it is vital that they also understand their responsibilities when securing an organisation’s IT infrastructure. Traditionally, IT teams are often perceived to have a key role in ensuring the right security measures are in place, and it’s up to them to defend the business against hackers. However, this is not the case, particularly for SMBs who may not have a committed IT unit to rely on. 

Especially now with dispersed workforces and social distancing restrictions in place, the help and support from those in IT is not so immediate. Now more than ever, the responsibility must be reinforced throughout the entire business. In order to combat imminent threats, employees who are on the front lines of the business’ cyber defence must understand that they have a key role to play in keeping data safe. After all, the final choice in sending sensitive information via email or downloading an external attachment is with them. 

Forrester’s latest report re-iterates this, as it states that “Organisations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cyber safety and that of their employer.” The combination of having a vigilant and empowered workforce, supported with regular training and innovative tools, allows businesses to benefit from a security-first initiative with an educated and responsible culture long-term. 

NCSC roleplay exercise educates home workers on cyber risks

960 640 Stuart O'Brien

Business owners are being urged to help keep their home working staff safe from cyber attacks by testing their defences in a roleplay exercise devised by the NCSC.

The ‘Home and Remote Working’ exercise is the latest addition to the National Cyber Security Centre’s Exercise in a Box toolkit, which helps small and medium sized businesses carry out drills in preparation for actual cyber attacks.

Launched last year, the toolkit sets a range of realistic scenarios which organisations could face, allowing them to practise and refine their response to each.

The latest exercise – the tenth in the series – is focused on home and remote working, reflecting the fact that for many organisations this remains a hugely important part of their business.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that.

“While cyber security can feel daunting, it doesn’t have to be, and the feedback we have had from our exercises is that they’re fun as well as informative.

“I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber attacks.”

The exercise follows a range of products developed by the NCSC – which is a part of GCHQ – to support remote working during the coronavirus pandemic, including advice on working from home and securely setting up video conferencing.

The new ‘Home and Remote Working’ exercise is aimed at helping SMEs to reduce the risk of data compromise while employees are working remotely.

The exercise focuses on three key areas: how staff members can safely access networks, what services might be needed for secure employee collaboration, and what processes are in place to manage a cyber incident remotely.

Some of the most popular exercises include scenarios based around ransomware attacks, losing devices and a cyber attack simulator which safely imitates a threat actor targeting operations to test an organisation’s cyber resilience.

As part of the exercises, staff members are given prompts for discussion about the processes and technical knowledge needed to enhance their cyber security practices. At the end an evaluative summary is created, outlining next steps and pointing to NCSC guidance.

Exercise in a Box is an evolving tool and since it was launched the NCSC has continued to work on the platform. It has recently been given a new refreshed look to make it even more intuitive for users and soon micro-exercises – ‘bite-sized’ exercises that focus on a specific topic – will be added.

Jonathan Miles, Head of Strategic Intelligence and Security Research at Mimecast, said: “This new NCSC tool is a fantastic measure and will be welcomed universally as the threat of cyber attack continues to rise. In fact, our State of Email Security shows that 91% of UK organisations believe their organisation volume of web and email spoofing will increase in the coming year, while 59% of UK organisations have observed an increase in phishing attacks over the last year. It’s important that organisations prioritise cyber security, especially at a time where remote working has become the norm and connecting corporate devices via the home router becomes commonplace. This provides greater opportunity for malicious actors to infiltrate and obtain sensitive corporate data through unsecured home devices, so it’s important that businesses educate their staff on the tell tales signs of compromise and the benefits of good cyber hygiene practices.

“Regular cybersecurity awareness education is also key. Our State of Email Security report found 56% of organisations don’t provide awareness training on a frequent basis, leaving organisations incredibly vulnerable. This is supported by further research which found that enterprises that didn’t utilise Mimecast awareness training were 5x times more likely to click on malicious links as opposed to those companies that did. Often such training and education exercises may be viewed as burdensome or tedious, but it’s crucial that organisations work to change this perception and using tools such as these provided by the NCSC and others can significantly help. Our research has identified that awareness training, which is fun, interactive, and done in intervals can significantly help with retention, in addition to bolstering cyber defence in depth.”

You can sign up for Exercise in a Box or find out more about it on the NCSC’s website.