
Ensuring organisational cybersecurity is an ongoing process that many organisations will need to adapt to when adopting work-from-home policies. In Hong Kong alone, the total number of cybercrime cases rose sixfold from 1,506 cases in 2009 to 8,322 in 2019, whilst 12,916 cases were reported in 2020 alone. The amount of money involved also increased, from HK$148 million in 2011 to HK$2.96 billion.
As many companies have transitioned to remote ways of working, they have exposed more easily exploitable weaknesses, including unsecured home connections, employees using various devices to access corporate systems, and at-risk cloud-based solutions. Additionally, employees may be working from home on unsecured personal devices which, without proper software updates, increase the risk of vulnerabilities being unearthed.
Furthermore, staff working from home may approach their work with a different attitude than they would in the office. As such, they may not follow the correct procedures and may take shortcuts that would not normally be available, such as unapproved apps or cloud services that appear to help them with their workload but may already be compromised.
Data-centric approach
Many offices take a perimeter security approach to their IT infrastructure security model, yet the highly connected nature of cloud environments makes it easier to bypass any defences. Insecure APIs, combined with poor password management, can also be exploited. As such, it is best to implement a data-centric approach that requires data to be encrypted, with multi-factor authentication to prevent any unauthorised access.
Though part of the preventative measures relies heavily on having the correct IT infrastructure in place, HR has a pivotal role to play in ensuring that employees who are working from home have a different mindset and are more aware of cybersecurity risks. As such, educating employees on the organisation’s digital strategy is imperative to building their trust and support, and will enhance their user and employee experience. Training could centre around appropriate digital procedures, approved and secure software usage, or even how to respond to phishing attacks, all of which will enable the business to become more digitally secure as we go into the future of work.