The ongoing COVID-19 pandemic has proven that businesses need to make digitalisation priority numero uno. Those who’ve made the digital leap are already reaping the rewards of improved agility, productivity, resiliency, flexibility and cost savings.
The longer this period of unpredictability continues, the more these benefits compound. However, going virtual isn’t a panacea for all pandemic woes – digitalisation has a dark side that we must be equally vigilant against.
The work-from-home (WFH) phenomenon made businesses rush to digitalise and bring their systems and data online for employees to access remotely. But having more assets in the digital space also creates new vulnerabilities for attackers to exploit if business owners don’t implement proper cyber security precautions.
Cyber security practices can’t just be reactive and piecemeal any longer; they need to be active, holistic and diverse to protect businesses wherever they’re operating from.
Why the IT team must evolve
Cyber security used to be the domain of IT teams in traditional workspaces. They fortified offices and networks with state-of-the-art access protocols, firewalls and antiviruses. All employee devices went through their screening before being distributed for use.
But with WFH now forcing everything online and employees using their own devices to access critical resources through unsecured connections, it’s unrealistic to expect IT teams to maintain the same level of control and security.
Smaller companies could gate critical functions behind IT teams or empower them to monitor what employees are doing online. But for larger companies, the sheer number of people they need to oversee would just affect business agility and demotivate colleagues.
- Sridhar Pinnapureddy, CEO and Founder of Cloud4C
Instead, IT teams should transcend their gatekeeper role and become cyber security leaders. They can lead the way in educating other employees on cyber security and make them part of the defense solution.
Creating the right culture
Cyber crime rose by 600 percent due to COVID-19. Ransomware attacks are estimated to cost US$6 trillion annually by 2021. Companies can’t afford – literally and figuratively – to take cyber security lightly. In the WFH setup, every employee is a potential vulnerability. They must be properly trained to embrace cyber security and adopt responsible working protocols.
But awareness and practice are two separate matters; employees need to be fully committed to foster a true culture of cyber security.
Knowing not to click suspicious links and reporting strange emails is just the beginning. Cyber attacks like phishing and ransomware are both very common and ever-evolving, meaning that even Internet-savvy employees can fall prey to new tactics. Letting friends and family use work devices or sending work emails from personal accounts might seem harmless, but often isn’t.
Companies need to make sure that their employees don’t become complacent about cyber security just because they’re working from home. As long as they’re online, they can be cybercrime targets.
Choose the right tools
Going digital means businesses can use powerful digital tools to streamline business operations and improve collaboration – both essential for WFH situations. However, choosing the right apps is very important – both from a cyber security and non-cyber security perspective.
Service-as-a-solution (SaaS) applications, such as video conferencing tools, are becoming more popular because they can enhance collaboration and productivity. However, we’ve seen cases where hackers have exploited their security vulnerabilities to disrupt or eavesdrop on sensitive conversations.
That’s why it’s important to have the IT team help evaluate new applications before use. They’re trained to spot these issues and protect the company’s cyber security profile.
Cyber security tools have often been implemented on an as-needed basis, but this piecemeal approach often results in an unwieldy patchwork of solutions that ends up making enterprise systems unnecessarily complex and resource-intensive.
By holistically considering their systems and pinpointing those that need to be protected, businesses can choose more effective and streamlined cybersecurity solutions – even when taking WFH into account.
Visibility and security go hand-in-hand, which is why enterprise solutions such as Desktop-as-a-Service and Endpoint Detection and Response (EDR)-as-a-Service are so valuable. They can provide a detailed overview of a company’s cybersecurity profile and boost its ability to counter any cyber threats. Besides reducing cyber security blind spots, they also help businesses minimise costs and manpower.
Securing the future
With an estimated 25 to 30 percent of the global workforce expected to continue working from home multiple days a week for the near future, I believe that just like digitalisation, the WFH setup is here to stay.
Companies need to be planning their cyber security for the long term – not just to counter current vulnerabilities, but also to protect against the rapidly evolving nature of cyber threats. All it takes is one cyber attack to undo years of hard work and cause catastrophic loss.
A good cyber security strategy is critical to ensuring this never happens, and it begins from the ground up. Approaching cyber security holistically involves supporting IT teams, educating employees to become cybersecurity advocates, and choosing the right digital tools.
It will take time to get right, but once the correct foundations are laid, businesses can then confidently embrace the borderless future.
Sridhar Pinnapureddy is the CEO and Founder of Cloud4C