Return to office cyber risk – know the threats to your business?

Authored by Travelers Europe

As many workplaces open back up and organisations embrace hybrid ways of working, the cyber risks to businesses increase. As the old adage states, that the ‘best offence is a good defence’ and knowing where the threats lie is the first step to achieving that.

Where are the risks?

• Use of personal devices - Personal and home networks tend to be less secure than a company infrastructure, and with the quick lockdowns in 2020 most employees were forced to work remotely without full security checks. For SMEs, many had to also rely on personal devices as workplaces did not have the ability to provide alternative options. Multiple home users working on the same network also increases the entry points for attackers to gain access and ‘hide’ until reconnected to an organisation.
• Personal use of company devices - As the lines blurred between work and home-life, if employees did have company devices, they may have used them for personal applications, thus increasing the vulnerability. Such use includes social media, internet browsing, personal cloud storage, Internet of Things home devices (e.g. a smart printer) and streaming. As devices begin to be used for different things, it increases the exposure to phishing and malware attacks. Once a return to office begins, these company devices may be viewed as more ‘trustworthy’ than personal devices and may be more likely to slip through a security net.
• Collaborative Tools - Many companies employed a quick pivot to remote working, and with that came an increased reliance on collaborative platforms such as video conferencing, without the necessary checks and tests. These digital tools can contain vast amounts of data, and often require updates/patches to remain safe to use, which may fall by the wayside if employees are unaware of the risks.
• Complacency - While working in a home environment, employees may have been lulled into a false sense of security and relaxed their approach to devices and network use. Combined with increasingly sophisticated attacks, when they return to the office this could result in vulnerabilities in the business network.

Ransomware increases as Lockdown restrictions ease

As countries around the world began easing COVID-19 lockdown restrictions, malware distributors also resumed working at full capacity. The first lockdown saw a significant increase in the number of malware attacks blocked by Symantec, a division of Broadcom. In total, Symantec blocked over 60 million infection attempts in the second quarter of 2020, which represents a 74.6 % increase over the previous quarter.

In 2021 the trend continued with an uptick of 151% of ransomware attacks around the world, with Europe in particular seeing a growing number of threats. While the threats are becoming more sophisticated, the spikes in attacks also correlate to lifts in lockdown restrictions.

Personal devices, as mentioned previously, represent a significant threat. A full scan and security update is not always feasible, especially for smaller businesses, so plans should be made for how devices are introduced (or re-introduced) to a network. For example, separate ‘guest’ networks could be introduced, rather than employees accessing the main business network on personal devices, and checklists should be provided to ensure employees have properly updated those devices before entering a networked site.

SME safety

The good news is there are several easy steps an SME can take to protect themselves against cyber threats before employees return to the office or switch to a hybrid-working model:

• Documented Security Policy and Security Training. This is vital and outlines what staff can and cannot do with company devices.
• Ensure use of strong passwords. Do not store them with laptops.
• Enable Multi-Factor Authentication (MFA) for all remote access to the network, and for employee access to any web-based email, such as Microsoft O365.
• Complete full scans and ensure Firewalls, HIPS, and Antivirus are switched on, configured correctly and kept up to date.
• Full Disk Encryption. Remote lock and wipe of mobile devices.
• Patch, patch, patch. New vulnerabilities are the most common way of infiltrating networks and devices.
• Block USB ports so data cannot be copied off.
• Educate employees to never leave a device unattended and unlocked, even within the office environment. If using a device outside of the office, ensure it’s out of sight and locked if left.
• Eliminate, or reduce, local Admin access on laptops and other networked devices.
• Have a list of approved software that can be used.
• Back up all important data and make sure the backups are secured separately from the rest of the network. If you are hit with Ransomware, this will be a business saver.
• Have the appropriate cover in place in case of an attack.

Organisations should have a plan in place to identify and secure devices that were used while working remotely, and everything should be updated before returning to company networks.

What does the future hold?

In some ways, much of the same, unfortunately. The criminal gangs perpetrating ransomware fraud show no signs of relenting. And as long as many SMEs fail to take all of the necessary precautions, it will remain easy pickings for them. The key is making yourself a harder target for the criminals to attack. For the foreseeable future, there will be enough ‘low hanging fruit,’ such that if the criminals get stopped in their attempt to breach business A, they will move on to business B. The important thing is to be business A!

Perhaps the most critical control that can be implemented to stop the criminals from accessing your network is multifactor authentication (MFA). If an employee falls for a phishing scheme and provides username and password details to the criminal, and the business doesn’t have MFA in place, that criminal now has the same level of access to whatever that employee had. And once criminals have a foothold into the network, they are often able to discover further access credentials, ultimately with the aim of achieving admin rights, in order to implement ransomware files. If, however, the business has MFA in place, even if an employee accidentally gives up the username and password, the criminal will be prevented from access due to the MFA. MFA isn’t a magic wand, and isn’t the only control to be concerned about, but it often what sets apart business A from business B.     

Everyone is on a Zero Trust journey

‘Zero Trust shifted from an option to a business priority in the early days of the pandemic. In light of the growth in remote work, 51% of business leaders are speeding up the deployment of Zero Trust capabilities.’

Zero Trust means what it says on the tin: businesses should not automatically trust anything coming into a company. Zero Trust Network Access (ZTNA) is a service that enables this kind of policy by restricting access and carrying out checks on the company’s behalf. Eventually this way of thinking will become a global industry standard for all businesses and increase the security strength against cyber risk.

To find out more about the Travelers Cyber insurance offering CLICK HERE