Businesses have had to adapt quickly in recent weeks. Entire companies are working remotely. Employees suddenly find themselves having to use new software, new processes, and new ways of working, all whilst being physically distant from the IT support team. No more wandering down the corridor with a, ‘can you just have a quick look at this…’!
All of this is great news for hackers; many will be smacking their lips at the prospect of a displaced workforce; alien to the world of remote working, endless video meetings and using ancient, unpatched home PC’s to connect to the office.
There are several factors at play here. For one thing, when people are forced to quickly change how they work, they may be more vulnerable to attacks like scam phone calls or phishing emails. This is because change and uncertainty makes us less able to spot suspicious behaviour.
In addition, organisational data that may ordinarily never leave the company’s secure network is now being shared from computer to computer, often on unsecured home networks, devices and USB keys.
Then there’s the fact that employees may be using new software for the first time – and this software may have been downloaded in a hurry, without proper testing or training. Zoom’s video calling software is one high-profile example. Aside from the countless reports of calls being ‘Zoombombed’ by total strangers, which in itself is troubling, researchers have uncovered thousands of privately recorded Zoom videos stored online for anyone to watch.
People tend to think installing security software is enough to deal with threats, but you can’t rely on technology alone. It takes more to ensure a business is as safe as possible. For us, information security is best enabled using the Golden Triangle of the PPT framework (People, Process, Technology), with each module being carefully designed to complement the others.
Those three key modules are:
People – employees should be empowered with the knowledge they need to proactively protect the business. This includes training people on how to stay safe and spot suspicious behaviour.
Processes – you need clear processes and policies that help your people work safely, even when the business is coping with change. Naturally, people need to be aware of these policies, why they matter and why they must be adhered to.
Technology – last but not least, you need the right tools in place that enable your policies and processes to work in practice, and your people to operate safely in cyberspace.
Whatever challenges you’re facing right now, The RANt Group is here to ensure your business is as safe as possible. Talk to us about reducing your operational risk.