The covid-19 pandemic has brought with it many changes. For businesses and office workers, one of the major challenges is adapting to remote working. There are many new considerations when an entire workforce switches to home-working five days a week – including mental health and productivity, which we have covered before on this blog.
Although the days of companies relying on ring fencing all their systems and data through their networks are mostly gone, given the rise of cloud services and bring-your-own-device policies, it is also evident that the vast majority of organisations were not ready for such a rapid and wholesale change to remote working.
It’s not just businesses struggling – employees are too. It’s a well-worn adage that one of the biggest weaknesses in any company’s security is its users, and as security policies, software and procedures are far harder to make work properly from the home-working environment, this challenge is only exacerbated.
There’s also been an effect on cybersecurity workers and IT admins – which has partially prompted big technology providers to bring in new products and provide new services.
The employer’s view
There are a raft of obvious cybersecurity problems that have occurred since remote working became the new normal. Some of the cornerstones of data protection and cybersecurity – things like access controls, trusted devices, company networks and clear procedures – all become much harder when everyone’s working remotely. That’s not even taking into account the extra strain IT admin staff find themselves under, trying to facilitate home-working, giving them less time to shore up cybersecurity practices.
According to Forbes, there are three primary concerns companies should look out for when considering cybersecurity and remote work.
The first concerns a fundamental: internet connections. Forbes states that unlike offices, where IT managers can control the security of Wi-Fi networks, employees’ home networks “probably have weaker protocols” – things like WEP instead of WPA-2, it says. The author states that this “allows hackers easier access to the network’s traffic”.
Forbes and others also suggest that home workers are particularly vulnerable to phishing scams – a particularly potent mix as attackers have taken advantage of people’s fears around the ongoing health situation to create coronavirus email scams. Security Magazine also recommends an under-appreciated tactic: making home-work easy. “At first glance, this appears to contradict the prior principle,” the magazine says. “Didn’t we just recommend limiting data? Yes. But employees need to work. If access is too cumbersome, they develop workarounds.”
Cybersecurity for employees
Of course, almost regardless of what protections organisations put in place, a large part of the puzzle is employees themselves. Boosting things like awareness and training can make a massive difference in this area, particularly with regards to attacks like phishing scams.
But it appears that hasn’t necessarily got through to employers yet: according to ITProPortal, many home-workers haven’t received any cybersecurity training. A new report from app security firm Promon found that two-thirds of remote workers haven’t received cybersecurity training in the last year.
ITProPortal quotes Promon CTO and co-founder Tom Lysemose Hansen as saying that that remote workers aren’t receiving any cybersecurity training is “concerning”.
“Organisations must ensure that staff who are working remotely are doing so in secure environments, whether that’s on personal or corporate devices, and it’s critical that they provide the necessary training and tools to ensure corporate data is protected,” he said.
For those IT admin and cybersecurity workers, this all creates a perfect storm, where they must help their employers or clients rapidly adjust to remote working, while also helping to keep employees aware – all the while having their own lives and work patterns disrupted.
What’s more, according to a new report from (ISC)² covered by ITProPortal, nearly half of cybersecurity specialists in the UK now aren’t even doing cybersecurity work: they’re doing more traditional IT work to help companies adjust. The study claims the duties of 47% of security professionals have been temporarily changed to help companies set up their remote working environments.
According to ITProPortal, businesses “have reported an inability to maintain desired output and quality with employees off-site”. Survey respondents cited “a lack of hardware support for a larger number of remote workers, as well as the conflict between the need for a swift transition to remote working and the importance of preserving security standards”.
All this means, as always, that the need for those with cybersecurity skills is high. It also means – as we have covered before – that cybersecurity workers may struggle with mental health, at a time of such high pressure and workloads. RedCat Digital has offered recruitment consultancy in the cybersecurity sector for years, and knows how to help find the right jobs and the right people, even in this difficult climate.