The pandemic has been a time of rich pickings for hackers, and 2020 was the busiest year on record for cyber-attacks in the UK, writes Tim Walker, MD, Aura Technology.
According to the Government’s Cyber Security Breaches Survey 2021, two in five businesses reported a breach – with a 31% increase in cases during the height of the crisis.
The consensus is that this rise is directly related to the shift to mass remote working, which saw lapses in security as businesses scrambled to set up systems to work from home. Some experts have even referred to this as a “cyber pandemic”.
This threat will not subside even when Covid-19 eventually does. Another change in working practices – this time the widespread adoption of hybrid working models – will bring about new opportunities for criminals and more security challenges for businesses. It’s important to be prepared.
Having workers at home some of the time and in the office at others can give hackers new doors to go through. At least with full-time homeworking, systems and devices were in one place.
A hybrid model usually means employees either have a device at work and one at home – both connected to a cloud service – or they must take a device between the two locations. Both options come with risk.
To secure mobile devices, workspaces should start by establishing a mobile security or bring-your-own-device (BYOD) policy that provides clear guidance on what personal devices employees can use for work and how information should be accessed safely and securely.
Businesses should also think carefully about how staff are using cloud platforms, which do not always come with strong built-in cyber security features. Good systems can monitor and limit access to files, keep your network security up-to-date, and ensure the use of strong passwords and encryption.
One option is to give employees access to office PCs via remote desktop protocol (RDP) when they are working remotely. This means the office-based PC has to be left turned on at all times but allows the user to log in from their remote location, so the data never leaves the office network.
Every hybrid and remote employee should be properly trained in remote working protocols to ensure their home or remote working setup is just as secure as their office one.
The good news is that while for many businesses, home working had to be set up in a rush, this time around there is time to take advice and plan how a hybrid model should work.
Ransomware attacks saw a huge increase in 2020, growing 485% compared to 2019, according to a recent report. New ransomware designed to evade detection and an increase in Ransomware as a Service (RaaS), which gives individuals the tools to set up their own cyber-crime operations, are among the reasons for the increase.
Phishing attacks were the most common attack on UK businesses in the past year. Coronavirus related emails, which look very convincing, contained links that deployed malware when opened.
This year, look out for AI-enabled attacks which involve hackers building programs, like chatbots, that can mimic human behaviour. When used on websites or in emails, they
may look legitimate so employees can unwittingly give up personal or company information, putting data at risk.
While security programs can often detect these kinds of attacks, humans are the last line of defence, so staff training is highly important.
Make cybersecurity a priority when setting up an IT system that supports hybrid working.
If the worst happens, a regular and frequent backup process in place using an intelligent technology that is ring-fenced to protect different versions of your data can limit the damage caused by an attack. This kind of system helps avoid the possibility that backups themselves can contain an infection.
The team at Aura Technology work extensively in the mid-market private and public sectors and are supporting existing and new clients set up hybrid working systems. To discuss your business’s needs contact: