Your Company's Cybersecurity in 2021
The hybrid work environment. It’s a buzzphrase we’ve been hearing all year. Most likely, your organization at some point last year made the switch to a mostly-remote work environment, and as restrictions ease up, and vaccines roll out, you’ve begun the process of switching back.
Some businesses are staying completely remote. Some are going back to the office fully. Most, however, are adopting a hybrid work environment. While the hybrid model is great for work-life balance and employee flexibility, it presents the perfect scenario for a cybercriminal.
There’s plenty going on with tech in 2021 — from chip shortages, to the true adoption of 5G — but the most pressing and prevalent issue organizations face is the hybrid work environment.
WHY HYBRID WORK IS DANGEROUS
Let’s rewind a little bit, to the spring of 2020. Without trying to drag up too many negative memories, consider for a moment what your tech rollout for remote work looked like.
Was your organization already set for remote work? Did you scramble to figure out how to make sure employees could access their files from home? Or, were you mostly ready, but still needed to set up a VPN?
No matter where you began, every organization ended up in the same place: with employees remotely accessing their office’s network. Many organizations did their due diligence and put security measures in place, such as VPNs or KVM software.
The problem with these security measures is that they only work if your employees actively make use of them. Since more than 95% of all cybersecurity incidents are caused by human error, there’s a good chance a few of your employees won’t follow your organization’s security guidelines, whether due to negligence, lack of understanding, or simple forgetfulness.
This created the perfect storm for cybercriminals to exploit. Because most employees were working using their relatively unsecured home networks, hackers could hijack their internet connection, wait until the employee accessed a file stored on their office’s network, and then infiltrate it by piggybacking on the connection.
This is a risky move for a hacker to make, however. It requires luck, and it relies on a single connection through which to exploit the network. The smart hackers went a different route.
They found unsecured home connections, and placed a ticking time bomb on the employee devices they were able to infiltrate.
What happens when a device that has been hacked is brought onto your office’s network? Will your cyber defenses work to stop the damage?
Unfortunately, no. Because the employee’s device will be recognized by your network as a trusted device, it will have full access to the network’s features.
This caused big problems for a lot of businesses in 2020. In fact, there were 300,000 more cybercrime incidents in 2020 than in 2019, totaling more than $4.2 billion in damages.
But, this all happened when companies were on a fully-remote work schedule. So, what does all of this have to do with hybrid work?
Simply put, a hybrid work environment creates more opportunities for hackers to exploit. If an employee brings home a laptop on a Monday, and takes that same laptop into the office on a Tuesday, and repeats this same schedule every week, that’s 52 regularly-scheduled opportunities per year for a hacker to exploit the employee’s device and trusted network status.
THE CONSEQUENCES OF EXPLOITATION
What happens when a hacker gains access to your network? Truthfully, there’s a lot that can happen, and it’s impossible to predict what actions a hacker may take. There is a rise in ransomware attacks, however.
Ransomware attacks lock you out of your files by encrypting your network data with a key only available to the hackers who exploited your network. Then, after your organization has had ample time to panic about the hack, the cybercriminals will send you an offer: pay us, and get your network back.
No matter what option you take — paying the ransom, or attempting to fix the problem yourself — you’re taking a gamble. Hackers won’t always return access to the network even after receiving payment, and will publicly release sensitive business information if you don’t pay.
Basically, you don’t want your network to be infected with ransomware. If your employees are on a hybrid schedule, however, this is an ever-present risk.
What if your business is back to the office full-time? Do you still need to worry about hackers hijacking the devices your employees use? The short answer is yes. So, why is this?
If your business has sales representatives, field technicians, partners who host meetings at other organizations, or even employees who travel, there is a high likelihood they have connected to a network during their time away from the office.
With each connection they make while away from your network, that device is exposed to more and more opportunities for exploitation. Simply put, no business, no matter how secure its local network is, is immune to the risk of ransomware.
WHAT YOU CAN DO ABOUT IT
In 2021, there are a few steps you can take to increase not only your network’s security, but its resilience as well.
First, consider moving as much of your network as possible to the cloud. Cloud services are more secure than on-premises servers, and can be spun up much faster than their local counterparts.
Because cloud servers are controlled by massive tech firms, they are always up-to-date on their security features, and due to their decentralized nature, are much more resilient to intrusion.
Second, ensure your network’s backups are functioning properly. Backups can be the difference between a ransomware attack crippling your business’ operations for months and crippling them for a few days at most. Be aware that even if your server is located in the cloud, it’s best practice to back up your cloud server.
Finally, consider enrolling your employees in security awareness training. Because the vast majority of successful cyber attacks are attributed to employee error, the best step you can take to increase your network’s security is to ensure your employees know the dangers they face every day.