The costs of cybercrime are expected to reach $10.5 trillion per year by 2025. For comparison, in 2015 the figure was 3 trillion. And that is trillions, not billions. Already, according to industry reports, cybercrime is costing businesses around the world nearly $2 million per minute.
Businesses, employees and customers are attacked every day and the cyber threats themselves vary widely. The risk is growing, especially since we currently have a trend towards hybrid working. More and more people are working remotely from home, using private devices daily, or failing to follow employer-recommended security policy.
In the first round of Business Insider TRENDS 2022 – Cybersecurity, we asked experts for advice for companies that allow remote work and want to ensure a high level of security. Marek Psiuk, Chief Technology Officer at No Fluff Jobs, noted that there are at least two aspects we need to take care of when it comes to security. “First, our employees must be aware of the dangers of cyberattacks,” he said. He added: “Secondly, we need to show how compliance with individual elements of our company’s security policy affects their security, and what will happen if those elements are not adhered to.”
Remote work offers great convenience, but it also forces IT teams to meet many new challenges and requirements to ensure security. Experts recommend using data encryption and security protocols such as two-factor or multi-factor authentication (MFA). This should be backed by detailed access control and an appropriate security policy with specific processes and operating modes.
Not all password-protected data or applications that require a username and password are as secure as they could be. The level of security increases significantly once we start using MFA, which helps protect company data that employees access on any network. Having these protocols in place, especially for remote and on-the-go workers, is imperative if you want to protect yourself.
IT teams must also ensure that the correct permissions are used. This means being able to share data as needed and only with the people who really need it. This is critical if we are to provide security in today’s distributed business world. It should be possible to restrict access based on classifications such as user, group, IP address and MAC address.
Strategies for a hybrid working model
With team members often working from home offices and using private devices to get things done, maintaining a secure environment is more complex. However, many organizations allow this by offering a BYOD (bring your own device) program.
Whatever applications and online services are used, it is worth creating your own security policy that covers the BYOD aspect. What rules should we follow? It is important not to neglect the core of the network, where you can define protection and access rules, or even block malware traffic. Protection and access rules should be based on recognizing and stopping attack attempts, blocking malware, as well as controlling traffic specific to individual applications.
The policy should also include specific access levels; for example, an employee will not be able to log into the intranet from a private device. At the same time, this document should clearly inform employees about what they can rely on when using a given device.
Another very good way to improve security is to implement an EMM (Enterprise Mobile Management) system, which is used to manage mobile devices. EMM systems allow you to create, among other things, individual usage policies, as recommended by our company’s IT professionals. For example, we may prohibit the use of specific applications or apply security updates.
At the same time, good security hygiene is important when working remotely. In addition to the solutions mentioned, we must also ensure access to company resources via VPN, as well as periodic training on cyber threats.
Bartosz Kozłowski, co-founder of Sagenso, explains what companies most often forget when it comes to cybersecurity:
Zero-trust, i.e. conditional trust
“Don’t trust it blindly, always verify” – that’s how you can sum up the zero-trust principle that more and more companies are following. The zero-trust approach restricts access to digital assets through strictly enforced identity and device verification processes. We are dealing here with ZTI (zero-trust identity) protection, as well as ZTA (zero-trust access). These types of solutions ensure that no device or user is “trusted by default”, regardless of where they are located and their position in the enterprise.
If we implement a zero-trust policy, we will limit access to resources to verified users and devices only. This in turn will significantly increase the level of security. In addition, after the default check, a given person will only have access to the resources or network segments they need. This also minimizes the risk of certain data breaches.
Marek Szustak, cybersecurity expert at eSky, explains which cyber threats companies can’t deal with the most:
Remote work involves many risks that can have serious consequences. Exposure to potential cyber threats is high and we face challenges such as:
· Phishing: sending emails or other messages to encourage employees to download malware that collects sensitive data
· Ransomware: malware that infects systems before demanding payment (ransom)
· Spyware: software designed to collect data that could then be used by fraudsters or competitors
· Zero-day attacks: attacks particularly targeting unpatched operating systems and applications that may be difficult to monitor remotely
· Data theft: most commonly the theft of login data in order to access customer and employee databases
· Sabotage: unsupervised employees intentionally or unknowingly destroying company assets
Sooner or later, a cyberattack will happen – that’s almost certain. Let’s try to follow the safety rules and implement the practices recommended by the experts.
The article was written as part of the Business Insider TRENDS 2022 platform, where we discuss and analyze the most important trends at the interface between business and technology.