The perils of remote working: the next normal in data protection
Andrew Chilvers, Data Protection Specialist, WIFI MAPS
When French President Emmanuel Macron recently declared a ceasefire among all global warring factions so governments could focus on the Corvid-19 pandemic, he had the blessing of most world leaders. Indeed, the once feared Islamic State even called a halt to its activities. In fact, the only faction not taking part in this global drive for collective security were the cyber criminals.
Indeed, hacking groups stepped up their activities causing havoc to companies and public sector organisations across the world. As the crisis intensified so too did the number of phishing and malware attacks against companies and individuals now forced to work remotely on often unsecure networks.
The National Fraud Intelligence Bureau (NFIB), an organisation backed by the City of London Police, reported cyber criminals sending fake NHS links for the public to donate money to fight the virus. Total losses as a result of such scams cost the British public £1.6 million by early April, with 50 reports received daily of phishing emails and malware attacks. There were even reports of people receiving emails claiming they’d been fined £250 for leaving their homes during the lockdown period.
Working from home
Without doubt the UK is now in the midst of the biggest remote working experiment in history. What was unthinkable only weeks ago, is now the next normal.
Until now mobile working was something talked about but not always granted by businesses. By adopting remote working patterns, managers and employees are now consciously moving away from the physical office, and it’s a trend that will continue into the future. A recent Gartner survey revealed a colossal 74% of CFOs expect to move a number of previously office-bound employees to remote working locations permanently post-COVID-19.
Over in the US a recent poll by threatpost.com, a cyber security website, highlighted the lack of preparation most American companies have made in their transition to remote working. As the UK usually mirrors the US in working practices, the threatpost.com poll also echoes similar attitudes of UK companies and employees. So, the results are worth a closer look.
According to the poll, an astonishing 40% of US companies reported increased cyberattacks since starting a remote working regime in March. Only 30% of companies said they felt prepared for remote working, while 23% said there had been an increase in phishing attacks and 10% reported that there had been an increase in coronavirus-themed scams. As with the UK, as many as 70% of respondents said they were new to remote working.
Unsurprisingly, end-user security was the top challenge cited by respondents with 43% claiming it was their biggest worry, while another 20% said storing sensitive data off-premise and transmitting it via the internet was their biggest nightmare. Elsewhere, 26% of respondents said they were nervous about home Wi-Fi, while network security and worries about personal devices were considered big concerns for another 19%. Finally, and rather ominously, only 37% said that employees use VPNs at home to access corporate resources.
Another interesting statistic resulting from new remote working practices was that Microsoft’s cloud services in the US reported a 775% increase in demand across cloud platforms.
One chief information security officer, who spoke on condition of anonymity, said that as a result of all these concerns and with the huge rise in remote working, the focus for all companies and public sector organisations now had to be on training employees at a new level of awareness and behaviour to ensure extra vigilance.
“User experience is crucial to building a security culture and, if it is poor, employees will quickly fail to implement any best practice handed down by IT security teams; that’s certainly my experience,” he said. “Above all, as remote working practices increase, the IT department, no matter how effective, is no longer the automatic gatekeeper of all security.
“This will inevitably create vulnerabilities that could seriously undermine a company’s ability to protect the data of its employees and its customers.”
For businesses it’s also worth remembering that complying with data protection laws is essential, even during the worst pandemic for 100 years.