Last month there were over 300,000 Google searches relating to cyber-security. It’s a hot topic that is ever-present in the news, particularly during lockdown where countless businesses have had no choice but to trust their staff to maintain secure standards outside of company walls.
To find out what businesses say the biggest cyber-security concerns of remote working are, security experts at Specops Software surveyed 100 senior staff from 14 different sectors including, Medical and Health, Computer and IT and Education and Training.
Reduced Password and Passcode Security was found to be the most biggest cyber-security concern for the following sectors:
- Computer and IT
- Travel and Hospitality
- Charity and Voluntary Work
- Media and Internet
Many remote workers will be forced to use personal devices and networks during the lockdown, which often lack the tools built in to business networks – such as antivirus software, customised firewalls and automatic backup – increasing the risk of personal and work-related content being leaked/hacked.
Of the 400 senior staff from these sectors surveyed, 76% noted password attacks as a particular worry as passwords and passcodes on personal devices tend to be weaker.
Worryingly, since COVID-19, Specops Software have noted an increase in phishing, malware and password spraying, which gives senior staff due reason to be concerned.
Inadequate Backup and Recovery
The next most common cyber-security concern is ‘inadequate backup and recovery.’
The sectors that chose ‘inadequate backup and recovery’ as their biggest cyber-security concern:
- Medical and Health
- Education and Training
- Creative Arts and Design
With recent headlines like ‘Coronavirus: Cyber criminals threaten to hold hospitals ransom’, it’s no wonder sectors like Medical and Health are worried about protecting sensitive data.
Getting Workers to Follow Protocols
The sectors that chose ‘getting workers to follow protocols’ as their biggest cyber-security concern:
- Customer Service
- Business, Consulting and Management
To avoid a clash in communication, businesses will need to ensure they have a coherent cyber-security policy in place and workers should have a clear understanding of this before remote work takes place. According to Raconteur, a cyber-security policy should include remote-working access management, the use of personal devices, and updated data privacy considerations for employee access to documents and other information.
Tracking and Managing Assets
The sectors that chose ‘tracking and managing assets’ as their biggest cyber-security concern:
- Accountancy, Banking and Finance
If an asset is not being used efficiently, companies will need to implement an action plan or explore options on how to make it efficient/less resource intensive as possible – or risk losing revenue. Which is why it is understandable that fields such as Accountancy, Banking and Finance are most concerned by a block in tracking and managing assets when it comes to remote working.
Third Party Access to Video/Webinar
The sectors that chose ‘third party access to video/webinar’ as their biggest cyber-security concern:
- Recruitment and HR
- Marketing, Advertising and PR
Mashable recently reported ‘Stolen Zoom passwords and meeting IDs are already being shared on the dark web’, so is it any wonder fields that rely heavily on video communication in the current COVID-19 climate are concerned? See more on how to protect passwords in the comment from Darren James below.
Interestingly, only the Sales sector chose ‘GDPR compliance’ as the biggest cyber-security concern.
With reduced security being the number one concern covered in this release, Darren James, Product Specialist and Security Expert at Specops Software, commented:
“We’ve already seen that the COVID-19 pandemic has been used as another vector of attack especially around phishing attacks. This makes it more important than ever that a “unique” password, or even better a passphrase, and where possible 2FA or MFA, should be used. Anyone working from home that is known to be using a compromised password should be encouraged (enforced) to change it as soon as possible.
Users also face genuine problems with password expiry and notification of password expiry (especially with their corporate AD accounts), the native tools don’t really give the admin a lot of options, so a user’s risk of being locked out of their accounts for an extended period of time is much greater than in the past.
We hope you find this release useful. If you do end up using it, we would appreciate a link to https://specopssoft.com/ who commissioned the data. A link credit allows us to keep supplying you with future content that you may find useful.
Finally, organisations need to make sure that they have a robust leavers policy and process in place. If someone does leave the organisation then their access must be removed in a timely manner, and any company devices that they may have should be securely wiped. The BYOD scenario brings a lot of challenges to this subject in particular, e.g. global wipe vs selective wipes.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.