Few, if any, would dispute that COVID-19 has changed many aspects of our lives. One such change, which will likely remain in place long after the pandemic is over, is how many of us work. The home office is likely here to stay, along with our reliance on video conferencing, cloud-based services, and the use of portable media, such as external hard drives and USB flash drives.
Those aren’t the only changes, however. The changes to how and where we work have forced companies to revamp their approach to cybersecurity, as hackers have been extremely busy since the pandemic started. In fact, in a recent global study conducted by Tanium, 90% of executives surveyed said they experienced an increase in cyberattacks because of the pandemic. What’s worse, though, is that 93% of these same executives also said they had to delay key security projects in order to focus on transitioning their organizations to remote workforces. That’s somewhat worrisome, but somewhat expected.
Indeed, the home office is becoming our new normal, and there’s no reason to think we will revert to the old normal once the pandemic wanes. As evidence, consider that a recent Gartner survey revealed that 70% of customer service and support employees want to continue working from home after the pandemic ends, while a LiveCareer survey reported that 29% of working professionals say they would quit their jobs if they couldn’t continue working remotely.
The work-from-home model was a trend before the pandemic started, and the global pandemic has only accelerated that curve.
Work-From-Home Cybersecurity Strategies
In October, the U.S. Chamber of Commerce and FICO released their “Special Report on Cybersecure Remote Working During COVID-19.” This report included these six important COVID-19 cybersecurity recommendations:
1. Consider the benefits of using cloud services.
2. Instruct employees on the proper components of a home-office network.
3. Use a properly configured virtual private network (VPN).
4. Take steps to introduce elements of security to teleconferencing.
5. Have a plan to identify and manage third-party and supply-chain risk.
6. Think through – and adhere to – sound “bring your own device” (BYOD) policies and procedures.
Certainly, these are sound strategies from which any organization can benefit, and we take particular note of No. 6, as we have been proponents of securing BYOD devices for years. However, we find it unfortunate that the U.S. Chamber report focuses its BYOD recommendation solely on employees’ personal laptops, while including such recommendations as installing only known and trusted software, maintaining the PC’s security, and changing passwords frequently.
The Overlooked Threat
The bigger threat, however, is not in the use of employees’ personal laptops, but rather in the proliferation of portable media – primarily external hard drives and USB flash drives – that are being used to transport data back and forth between the home office and the corporate office.
Consider this: In the last two years, the number of insider incidents has increased 47%, according to the Ponemon Institute’s Cost of a Data Breach Study. As bad as that is, if the predictions of a global research company hold true, it’s about to get even worse.
In its Predictions 2021 white paper, Forrester is forecasting an 8% increase in insider incidents caused by accidental data misuse or malicious employee intent. The reason for this increase, Forrester says, is a confluence of factors brought on by the pandemic, including the ongoing prevalence of remote work, employees’ job insecurity, and the ease of moving company data through the proliferation of portable media.
What makes Forrester’s prediction particularly stark is that the price tag associated with insider threats is on the rise, too, with the average insider incident now costing organizations $11.45 million, according to the Ponemon study.
Yes, COVID-19 is forever altering our cybersecurity landscape. However, unless we lock our computer and network ports to prevent employees from using portable media to infect a corporate network or cause a data breach – whether maliciously or unintentionally – the landscape will be forever littered with cybersecurity vulnerabilities that will impact all of us long after the COVID-19 pandemic is over.