Quite a lot has changed over the past two years, especially in the way we use technology. One notable change is the sudden shift of the work set up within the business sector. There were a lot of things that needed to be adjusted to be able to adapt to the new normal.
If you think back to 2019, most businesses focused their cybersecurity efforts on the office. Obviously, since most of their employees were working on site. There may be few who worked from home but have been doing so for some time, so there was already a setup to support the environment, but that was merely an occasional occurrence.
Jump ahead to the first quarter of 2020 and enter an influx of employees working from home and kids’ online schooling. The change happened so quickly that cybersecurity practices took a bit of a backseat in the pursuit of productivity expedience.
However, hackers didn’t pause their attacks. If anything, it evolved into something far more sophisticated and dangerous. These cyber attackers saw an opportunity and jumped on it. They started wreaking havoc in some familiar ways and then found new tactics to cause problems for business owners and their employees.
If you don’t keep up with the changes in the cybersecurity realm, you are setting up your business for a disaster.
Here at ITS, we make sure to provide clients with the latest technology solutions to ensure secure and optimal business processes. In this article, we’ll delve into the four significant changes in cybersecurity since the pandemic came about, namely:
- Increase in phishing emails
- Dangers in using Virtual Private Networks (VPN)
- Shift to a less secure office environment
- Change in organizational cybersecurity policies
How is Cybersecurity Changing?
So, how has cybersecurity transformed over recent years? Here are four major changes:
Increase in Phishing Emails
Certainly, you’ve heard of phishing emails a whole lot pre-pandemic. Well, they have made a comeback and have been a spick since the beginning of the year. Recent statistics have shown that more than 3.4 billion phishing emails are being sent out daily in 2022–worldwide.
But the increase shouldn’t be too surprising. Any time there is major interest in a particular topic or event–such as the coronavirus–phishing emails tend to increase. The difference now is that the employees’ work environment has changed into a less secure network, which opens more opportunities for phishers to do their job.
Since the pandemic forced businesses to adapt to a work-from-home setup, you are likely receiving an influx of emails not necessarily related to work; this intensifies the odds of clicking on a malicious link.
With all that, the goal of phishing emails remains the same–to steal credentials and drop malware onto your devices.
Dangers in Using VPNs
VPNs enable employees to access organization files from a remote location and are in constant use now by large numbers of remote workers.
However, this workflow may not be familiar to a lot of newly-remote employees, and they may lack training on best practices. Hackers, on the other hand, are clever and seize upon this to exploit these weaknesses and leverage opportunities.
As VPNs are used as an access point to get into a company network, hackers can wreak havoc if they infiltrate a less secure home user network through malware or other phishing attacks.
Shift to a Less Secure Environment
Many home networks lack the cybersecurity controls and hardware found in office networks. As a result, home environments are a potential cybersecurity risk for your company.
With more people working from home and kids at home, company information and data may be visible from a home office, kitchen table, or living area. At first blush, this may seem innocent, but we all know that accidents happen. A company file or data could accidentally be deleted or emailed to someone that should not receive it.
In order to prevent such disasters from happening, securing home networks is the first and necessary step.
In the same way, a sense of false privacy may exist for those working in the office and adhering to social distancing because your co-workers are no longer right next to you. Alas, privacy should never be assumed when it comes to company information security.
Change in Organizational Cybersecurity Policies
Changes in how people work and where they work have led to changes in cybersecurity policies–which is a good thing. This helps in protecting sensitive company data from getting into the hands of the bad guys. Policies today may include more details on:
- Phishing emails (And what to do if you receive one, or click on one. This works as a remedy for the increasing risks mentioned in the first item.)
- Proper VPN access procedures
- Installation of multi-factor authentication (MFA) to reduce security risks
- Regular at-home network cybersecurity checks and remediation
- The importance of installing patches and updates across all devices
- Warnings on using public Wi-Fi for company work
- The use of privacy screens and limiting work to confidential areas
- Locking devices for any company related work
- Proper use of virtual conferencing tools
- Approved apps that can be downloaded for company work (which may not have been necessary in the past)
- Guidance on when headphones should be worn during company meetings
An update in the standard organizational guideline will help reduce the potential dangers of a remote work setup.
Rethink and Reassess Your Cybersecurity Plans
Although a lot has changed over the past two years, the importance of a cybersecurity culture and mindset along with good security hygiene to keep company, client, and employee data safe has not. As hackers adapt to changing circumstances to probe and exploit weaknesses, so must a company’s protections need to detect quickly and respond.
At ITS, we help businesses optimize technology to keep their cybersecurity current and secure. Read the best practices to keep software updated for your business by clicking the link.