Strengths and weaknesses

The Covid-19 pandemic and lockdown has led to an increase in remote and hybrid working, and the trend is expected to stick. But companies will need to prepare for potential network resilience and security issues due to home working, as well as increased demand on data access.

As we move forward into an era of a new way of working, there are four key areas business owners and directors need to consider to realise growth, expand productivity and guard against threats to the business during this time of rapid change.

Home working may increase vulnerability to breaches
A recent report from cybersecurity firm Malwarebytes claims that 19.8 per cent of businesses surveyed faced a breach due to an action from a remote worker since lockdown was introduced, and that nearly a quarter of those businesses (23.8 per cent) faced unexpected expense as a result.

Costly and business-compromising attacks could result from the hacking of merely one unsecured device in a single employee’s home. With both personal and company devices sharing the same home network, the risk of planted malware, ransomware and banking Trojan software transferring from an employee’s personal device over to a company machine and going on to infect the entire company network is high, especially if the employee has not been trained in good security hygiene. In addition, it’s extremely difficult to discover, intercept or monitor any threats from personal devices that may have transferred over home networks.

For this reason, it’s likely that an increasing number of businesses will implement zero-trust security architecture (where the system is assumed to be compromised, and staff access to data is severely restricted on a need-to-have basis). However, the draw-back of this approach is that poor planning can slow speed, productivity and collaboration.

An IT managed service provider (MSP) can advise on and deploy the most appropriate security architecture to meet current business need and, in many cases, the solutions to these issues are more cost effective and affordable than business leaders may think. In fact, companies may already have licenses that have unused tools or features that can assist. Most solutions in today’s world are cloud-based and ‘as-a-service’, which incur monthly OPEX fees, rather than one-off capital investments on software and hardware.

These flexible as-a-service packages also provide the company with the assurance that the solution is always maintained by the provider, with the latest security updates and patches, allowing directors and C-suite executives to focus on business growth without having to worry about the risk of company data and operations being compromised.

It’s now critical that companies examine their systems architecture to assess whether it needs to change to cope with the additional demands of remote working, especially since the UK government guidelines have recently reverted to the recommendation for employees to work from home if possible and this disruption to businesses and short-notice alterations to government guidelines looks set to continue for many more months.

Phishing scams should be top priority
Criminals are using the climate of uncertainty, confusion and fear to increase the effectiveness of phishing scams. By the end of February last year, phishing emails had spiked by more than 600 per cent, with the majority using Covid-19 related topics to lure users.

Training staff in how to recognise phishing scams can save businesses a potentially costly experience down the line. In addition, any discovered threat should be dealt with immediately to halt or minimize potential damage. In these turbulent and busy times, companies may want to consider outsourcing IT support to a MSP to benefit from around the clock support with neutralising security threats. Criminals don’t only work office hours, and with particularly dangerous malicious software, such as ransomware, immediate action can make the difference between the breach being a small issue or a company-wide disaster.

The threat of the insider
In August, it was reported that a hacker had attempted to bribe a Tesla employee to plant malware in the company’s network. In the case, the employee was trustworthy, but it follows a disturbing growth of attempts to bribe or trick employees into sabotage or releasing private and sensitive company information. Recently, a hacker group successfully stole business data in six countries by posing as companies’ HR departments in an attack that preyed on employees’ trust of their employer. As companies grow more knowledgeable about good security hygiene and practices and seek to secure systems, hackers have increasingly turned to exploiting a company’s people, who may lack knowledge of good security practices and how to recognise a scam.

Unfortunately, home working introduces more risk of opportune ‘insider’ attacks, particularly in shared housing accommodations. A housemate could potentially discover an employee’s passwords to company equipment, and if the home workspace is shared, it’s possible to simply look over a person’s shoulder as they log in, without a busy employee noticing.

Multi-factor authentication (MFA) may help to reduce the risk of insider attacks from people in the immediate vicinity, as combining authentication factors can make a machine less vulnerable to opportune break-in attempts. An IT MSP can deploy robust security measures, including MFA and firewalls, and back-up systems to ensure yours and your customers’ critical data is always protected.

Maintaining productivity, customer retention and business reputation
This is a tough time for businesses all across the country. Some will still have staff on furlough, and some have even had to make redundancies. Staff that remain need to be empowered to be able to perform to a high level, not only for the purpose of staff wellbeing, but also for the positive impact on customer retention and business reputation. As the disruption due to the pandemic continues, business leaders may want to consider investing in technologies to upscale productivity and efficiency.

A plethora of tools exist to facilitate automation of repetitive administration, freeing up staff time to focus on tasks that increase business value. Additionally, new technologies such as artificial intelligence (AI) are playing an ever-increasing role in upscaling business operations, particularly in the use of chatbots in customer service and providing insights to augment digital sales.

However, it’s important not to rush into decisions and to continue to assess the efficacy and potential security risks of software and applications before committing to use. The term ‘Zoom-bombing’, in which malicious individuals listen in or interfere with private meetings, has become well-known due to the number of incidents during the pandemic, as companies were forced to turn to virtual conferencing software at short notice.

Director-level business leaders have enough to worry about during these turbulent times, without fear that the introduction of new collaborative software designed to help remote teams could lead to a crisis. Leading MSPs use the best technologies and equipment on the market, so company directors can rest assured that any software and applications used are safe and reliable.

Outdated IT systems not only run the risk of becoming obsolete and hampering productivity; they can present a serious security threat to business operations, finances and its people, should a costly scam damage business reputation and hamper growth. Businesses absolutely need to be prepared to cope with the ‘new normal’ and an onslaught of new security and financial threats, particularly while many companies are still vulnerable whilst recovering from the fall out of the lockdown period.

On an optimistic note, the pandemic has highlighted many little-known system weaknesses and security threats posed by remote working. This knowledge should serve to strengthen the security of IT systems nationwide and make it harder for criminals to target businesses.

David Greenwood is CEO at ISN Solutions and an expert in network resilience and security. ISN Solutions has been providing corporate IT managed services to UK businesses since 1991. It has a long-standing reputation in delivering specialised ICT services, solutions and consultancy to the Energy sector, predominantly Oil & Gas and specifically the Upstream market, where independent UK-based Exploration & Production companies (E&P’s) had to rely upon a responsive IT partner to assist them with overseas onshore/offshore campaigns and fast-track growth strategies.
For further information please visit: