With the start of the new decade also came the start of a new trend – working from home, which is commonly shortened to WFH. As a result of the Covid-19 pandemic, many organisations resorted to having their employees work remotely. Offices are not the only organisations that have moved to working online, as schools, banks, hospitals and even the local grocery store have switched their operations to online.
WFH has been made easy with the use of IoT (Internet of Things), cloud based technology, online projectmanagement software and many more. This allows employees to perform their work tasks remotely and collaborate better with each other without physically being at the office. It also empowers companies to create customised workspaces and recommends personalised solutions to specific problems that may arise in operations.
With everything moving to cloud storages, organisational data is at the peak of vulnerability and open to threat. Research states that employees are less likely to take cyber precautions at home than when they are at the office – this makes organisations even more endangered to cyber attacks.
A cyber attack would immensely cost an organisation and have many negative implications. Even if a ransomware does not directly involve money, it would still put a price on the cost of data recovery and investigations, to name a few. The biggest implication would be a data breach in confidential customer data – including bank details or sensitive medical records – which would lead to further legal and public relations expenses. Apart from data loss, cyber attacks can also result in a loss of productivity. As stated by Forbes, slow technology, or technology downtime, means workforces cannot access business-critical applications and systems. The lowered productivity and increased costs that occur as a result can undermine ongoing business continuity and even stunt future business growth.
Cyber attacks are not only limited to hacking, phishing and ransomwares. They also include Business Email Compromise (the attacker targets an employee who has authority of financial transactions, in order to trick them into transferring money into an account controlled by the attacker), Distributed Denial-of-Service (the attacker floods a target server with traffic in an attempt to disrupt and bring down the target) and even IoT based attacks, to name a few.
Cybercrime has increased drastically over the past few years as more and more organisations have switched to the online space. In April 2020, Zoom had been hacked and lost over 500,000 customer passwords. In July 2021, global IT company Kaseya was a victim of a ransomware attack where the attackers were able to distribute ransomware by exploiting several vulnerabilities in Kaseya’s Vector Signal Analysis (VSA) software, which gave the attackers the ability to infect multiple organizations via what is known as a supply chain attack.
Organisations are advised to adopt cyber security strategies in daily operations in order to mitigate cyber attacks to the best of their ability. After all, precaution is far better than cure. Ideally, in order for an organisation to be fully prepared for a cyber attack, they would require up to date technology, highly skilled staff, advanced software and a comprehensive Disaster Recovery plan. Organisations are recommended to adopt a holistic security strategy that is resilient, adaptable and easy to manage. Steps in creating a comprehensive security approach vary depending on the needs of the organisation.
A framework by McKinsey & Company lays out the holistic approach as follows:
- Identify top risks, risk appetite, and assess controls and vulnerability
- Analyse and evaluate identified risks and their relevance to the organisation
- Treat risks that exceed the organisation’s risk appetite
- Monitor risks and their relevance to the organisation
Organisations can also help their employees take precaution at home by providing them with anti-virus software, firewalls, updating their software regularly, and training them with basic cyber security awareness.
According to Cisco’s Future of Secure Remote Work Report, 82% of employers felt that cyber security is now extremely important or more important than before COVID-19. There are growing concerns around how data is accessed remotely and how secure it can get which is why cyber security has become a priority for organisations in every industry. Former CEO of Cisco, John Chambers, once said “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked”. Organisations are urged to take precautions to prevent their companies from cyber attacks. Now is the time for organisations to act.