Businesses have had to adapt quickly in recent weeks. Entire companies are working remotely. Employees suddenly find themselves having to use new software, new processes, and new ways of working, all whilst being physically distant from the IT support team. No more wandering down the corridor with a, ‘can you just have a quick look at this…’!
All of this is great news for hackers; many will be smacking their lips at the prospect of a displaced workforce; alien to the world of remote working, endless video meetings and using ancient, unpatched home PC’s to connect to the office.
There are several factors at play here. For one thing, when people are forced to quickly change how they work, they may be more vulnerable to attacks like scam phone calls or phishing emails. This is because change and uncertainty makes us less able to spot suspicious behaviour.
In addition, organisational data that may ordinarily never leave the company’s secure network is now being shared from computer to computer, often on unsecured home networks, devices and USB keys.
Then there’s the fact that employees may be using new software for the first time – and this software may have been downloaded in a hurry, without proper testing or training. Zoom’s video calling software is one high-profile example. Aside from the countless reports of calls being ‘Zoombombed’ by total strangers, which in itself is troubling, researchers have uncovered thousands of privately recorded Zoom videos stored online for anyone to watch.
People tend to think installing security software is enough to deal with threats, but you can’t rely on technology alone. It takes more to ensure a business is as safe as possible. For us, information security is best enabled using the Golden Triangle of the PPT framework (People, Process, Technology), with each module being carefully designed to complement the others.
Those three key modules are:
Whatever challenges you’re facing right now, The RANt Group is here to ensure your business is as safe as possible. Talk to us about reducing your operational risk.