This article was first published on Forbes.com.
Remote working, at least in some form, is here to stay. Tech giants such as Facebook, Shopify and Twitter, to name a few, have all stated they will allow staff to work from home even when it's deemed safe to return to the office.
These moves are proving popular, and many employees welcome the idea and would like to continue working from home. Indeed, there are many positives to both employees and businesses in the new hybrid working model, such as reduced commutes and the ability for organizations to hire from a broader base of candidates without geographic restrictions.
But there are downsides as well. One of the fundamental issues surrounding remote and hybrid working involves cybersecurity, as some employees might be more likely to take cyber risks at home than at the office. These changes can make companies vulnerable to cybersecurity and compliance risks, and a cyberattack can have enormous cost and business implications for an organization.
With remote working part of the "next normal," both now and in the future, companies need to prioritize remote workers’ cybersecurity. Many companies have already established connectivity and remote workflows to meet business objectives over the past year; the requirement now is to assess security and ensure they aren’t presenting easy targets to cybercriminals.
Consequences Of Cyberattacks
A Malwarebytes survey found that since the start of the pandemic, security breaches in a staggering 20% of respondents were the result of remote workers. Cyberattacks can have a detrimental impact across the whole organization, and preventing them needs to be a business priority.
The most obvious consequences of not doing so are financial, especially if a cyber breach involves fraudulent wire transfers. However, their effects can go much deeper than that. Even if money is not directly involved, the attack can still have a negative fiscal impact on a business's bottom line. There are costs of response and recovery to be met, a cost of investigation, the difficulty of lost revenue, and legal and public relations expenses, to name but a few.
I've seen that a cyberattack can also result in lost productivity. Slow technology, or technology downtime, means workforces cannot access business-critical applications and systems. The lowered productivity and increased costs that occur as a result can undermine ongoing business continuity and even stunt future business growth.
An unprotected workforce also puts critical customer data at risk. Consumers and businesses want to interact with organizations that treat their data carefully and securely. This past year saw major hacks involving Twitter, Zoom and several health organizations. Given Zoom’s high-profile role in keeping business working during the pandemic, its hacking and loss in April 2020 of 500,000 customer passwords could be felt throughout the business ecosystem.
Trust is a vital component here. While data breaches now have a real consequence for organizations under the terms of the General Data Protection Regulation and other associated legislation worldwide, trust and its loss are more difficult to accurately quantify. Losing customers’ trust has a detrimental effect on brand reputation, and winning it back can be challenging.
Adopting A Holistic Approach
Securing workforces holistically, including the people who deal with customers and customer data every day, can protect companies from long-term reputational damage.
Keeping hybrid workers secure no matter where they are is now an essential component of ensuring future business success. Businesses should look to deploy a holistic security strategy that not only encompasses products and services but also leverages their security team's expertise and acknowledges that security is a continual process. In the same way that cybercriminals will never stop evolving their methods of attack, the tools to prevent them from succeeding must continually evolve as well.
Using a holistic approach, you can develop, implement and sustain an effective security posture that incorporates an entire IT infrastructure and leverages existing technology.
A holistic security strategy must be resilient, adaptable and easy to manage. Steps in creating a comprehensive security approach vary depending on the needs of the company but should include:
- Determining the risks within your organization: Understanding your vulnerability to attack is critical to adopt the correct framework.
- Creating an architected, tightly integrated ecosystem: Many of these can be automated today to combat the attack before it happens.
- Recognizing attacks: Knowing the various stages of a ransomware attack will help you determine how best to secure your company.
- Aligning security strategy with operations: For a well-constructed security strategy, coordination with business operations is essential for protecting the right assets and future-proofing the business.
- Scaling for the future: Leverage managed services to continually innovate at scale.
Without a secure workforce, companies can risk causing long-term damage to their business. With a secure workforce, however, you benefit from insurance against damage and loss and offer a safer, more robust service to your customers and employees.