Posted by Sonata Ožemblauskaitė, Group Security and Compliance Manager
To remain operational, many businesses had to adjust to teleworking as a means of practicing social distancing during the COVID-19 pandemic. While teleworking may be an essential measure to prevent the spread of the virus throughout the workplace, it can also be a security nightmare for businesses. Indeed, COVID-19 themed social media and email cyber-attacks have evolved and become more frequent, and 47% of businesses feel more vulnerable to cyber-attacks since the increase of remote working, while 42% claim that they do not know how to defend against cyber-attacks aimed at teleworkers.
What’s the issue?
Cybercriminals love a “good crisis”. During a crisis like the pandemic, individuals become more vulnerable and less diligent as they experience fear, anxiety, and even depression. Cybercriminals exploit these pandemic anxieties and public fears and target their attacks around the COVID-19 theme to get individuals to disclose sensitive data or to click on links that may contain malware. For example, by sending out emails that purport to offer health advice from reputable organizations but that are phishing attacks. According to UK Government Cyber Security Breaches Survey 2020, cybersecurity breaches have increased by 26% in 2020 and almost half of businesses reported having cybersecurity breaches or attacks in the last 12 months. During this period, businesses have experienced a rise in phishing attacks from 72% to 86%.
The panic experience of individuals during a pandemic can cause many of them to overlook the warning signs of a phishing attack. Also, since so many more communications are done via emails or other forms of electronic channels, it makes it harder for individuals to maintain their due diligence. 88% of data breaches are caused by human error. Such individual vulnerabilities, the sophistication of cyber-attacks paired with remote working, and dependency of information technology certainly is a key factor why cyber-attacks have peaked during a pandemic.
What’s the solution?
Without assessing your employee’s cybersecurity readiness when working from home, your organization risks experiencing a potential cybersecurity breach which could lead to financial losses and impact your reputation.
Employee day-to-day diligence is the best preventative measure. For example, phishing attacks will not be dangerous if your employees do not open phishing emails and click on manipulated links. Thus, you need to ensure that you provide appropriate training to your employees that focus especially on the idea of remote working because things are different and the training you may have provided for years may not be as effective.
How Questionmark’s Cybersecurity for Home-Based Workers ready-made assessment might help?
After switching to teleworking, many businesses struggled to determine where to begin and it created new and unfamiliar cybersecurity risks. Therefore, I recommend starting with determining what your employees already know and what they do not when working from home to inform any decisions on training and development. That would save you time and money.
Questionmark has addressed this issue by developing a Cybersecurity for Home-Based Workers ready-made assessment to support businesses to work securely from home.
The Cybersecurity for Home-Based Workers test can:
- Help identify appropriate training for your business by analyzing what your employees know and what are their cybersecurity knowledge gaps while working remotely. For example, an “Assessment Overview Report” could help identify strengths and weaknesses within your business by looking at average scores within detailed topics. Such results would help to inform decisions on the training and development needed to address those topics that scored less.
- Help to identify which of your employees may need further training and support by reviewing each employee’s answers to all questions. For example, in this coaching report you could see what was the answer given by your employee.
- Address the lack of diligence among employees by increasing awareness of cybersecurity threats by testing them on situational judgement questions, such as below:
Trust is an essential element of the customer relationship, thus take it seriously and demonstrate that you care about their data by ensuring that your workforce is cybersecurity ready while teleworking. I hope this blog is useful and if you are interested in learning more, you can try a test sample or contact us.
Sonata Ožemblauskaitė is the Group Security and Compliance Manager and Product Manager at Questionmark. She is CIPP/E certified and a member of the International Association for Privacy Professionals. Sonata has 4+ years’ experience in working in legal and security matters and has a LLM in International Law and BA in Internal Law and Internal Politics. She is part of the team that created the Cybersecurity for Home-based Works assessment along with other Questionmark ready-made assessments.