According to a Ponemon study, 82% of cybersecurity expenditures go toward post-hoc measures, such as detection, containment and recovery. Only 18% of budgets are invested in prevention – yet financial figures may not be the most important factor in maintaining digital resilience in 2021.
Last year, enterprises had to quickly adopt new “game rules” as employees shifted to remote work. This meant reliance on digital tools grew and vulnerability to cyberattacks soared. As the “new normal” is here to stay, stakeholders should make remote work cybersecurity a priority to ensure a stable and accessible working environment.
“Cyberattacks usually happen in grey zones that are either neglected or completely forgotten. Those can be related to outdated infrastructure, vulnerable software or a simple human error – hackers constantly are looking for weak spots on your company’s network, and in times of remote work those are difficult to facilitate,” said Juta Gurinaviciute, CTO of NordVPN Teams.
Eight remote work cybersecurity commitments for 2021
1. ‘It’s not my business’ anymore. Security is no longer in the hands of information technology (IT) teams and the chief information security officer (CISO). With complex digital tools used by every employee, it concerns the whole organization. Follow the business leaders who plan to integrate cybersecurity into every business decision, and involve every department and each employee in the decision-making process.
2. Learn, teach, repeat. Almost 90% of data breaches are caused by human error, and employees are not always willing to take precautions. Explore novel remote work cybersecurity training methods to make security check-ups entertaining, rewarding and inclusive. Engaging activities help employees to remember how to stay secure and protect their data.
3. Op€n-se5aM3. It’s time to make password hygiene a thing. One in four workers admit they use the same password for every account. Discourage this habit: prompt employees regularly to change their passphrases, switch to password managers or implement biometric authentication methods.
4. Say goodbye to outdated gadgets and neglected user accounts. Some mobile devices are supported for three years only and out-of-date software is highly vulnerable. Consider also the tools your employees use: Maybe there are services they don’t need? Remove those accounts as they widen the surface area for a cyberattack.
5. Backups are not enough. It is also advisable to test them regularly. The average damage inflicted by ransomware was $1.45 million, whereas ransom demands totaled $1.4 billion. And just when you think you can mitigate the risk by restoring a backup, you find it inaccessible. In addition to regular check-ups, make sure to keep a copy on offline servers as well.
6. In the name of the Law. Some companies implement digital policies because officials order them to (think of GDPR, for instance); others want to ensure their cyber resilience deliberately. However, only 40% of small enterprises have implemented a working cybersecurity policy, and remote work cybersecurity makes this even trickier. Apply the lessons from the pandemic year, check the cybersecurity trends and review your policies to protect your business in 2021.
7. Top of the line. Nearly half of organizations (45%) have adopted a new technology or contracted a new vendor to enable remote work due to COVID-19. However, don’t wait for extreme conditions to modernize your company. Evaluate the situation and keep an eye out for the most up-to-date cyber resilience tools in the market: SaaS solutions, cloud services or Zero Trust Network Access (ZTNA) technologies.
8. From Holey to Holy. 99% of the vulnerabilities exploited by the end of 2020 were known to information technology (IT) professionals at the time of the incident. Even if there are 12,174 new vulnerabilities popping up every year, enterprises must act and patch up. First of all, make sure your employees work with the most up-to-date software. If they’re reluctant to do it, encourage them with a day off or other perks.
“Resilience to digital threats lies not only in the most advanced security technologies, but also in the cybersecurity culture of a company. It depends on the examples set by senior executives, functioning security policies and all-encompassing awareness by every employee. Efforts to stay protected shouldn’t be limited to these check-ups: Perform them several times per year, and integrate cyber and privacy matters into every business decision to make it everyone’s interest,” Gurinaviciute said.