Futureproof your remote working and cyber security strategy

It’s well known that enforced closures and stay at home orders at the height of the COVID-19 pandemic forced businesses to embrace remote working.¹ The move may have been unavoidable, but many businesses experienced unexpected benefits such as significant productivity gains.² This, amongst other benefits, has encouraged many to look at hybrid models that blend remote and in-office work.³ Experts predict remote working is here to stay.⁴ But any benefits must be weighed against the risks.

Cyber risks associated with remote working

Businesses in the UK saw a 31% increase in cybercrime between May and July 2020 and related losses reached £6.2m over the course of the year.⁵ Experts are in no doubt that remote working has played a key role in enabling that rise. Many businesses had to ‘switch on’ remote working capabilities almost overnight in 2020. As a result, cyber security took a back seat in the rush to adapt.⁶

Weak security on personal devices and networks used to connect to office systems give cybercriminals abundant opportunity.⁷ Along with password sharing with people outside the organisation, use of unsecured wifi networks and a failure to use robust security protocols like encryption and multi-factor authentication.⁵

There could be some clear vulnerabilities in your cyber security strategy that hackers could exploit. If your business embraced remote working during the pandemic and plans to continue, even if you’re late to the party and planning to enable remote working now, it’s vital you understand the risks and take steps to defend against them.

2021 cyber security threats

Some of the cyber security threats to be aware of and defend against in 2021 include:

• Phishing: Cybercriminals are using the COVID-19 pandemic as a theme for phishing campaigns. These fake emails trick users into giving away sensitive details like passwords and financial data. Attacks have commonly used events like lockdowns, vaccine roll-outs and government stimulus measures to get unsuspecting victims to click on malicious links, attachments or give up sensitive information.⁸
• Ransomware: According to recent research, ransomware attacks increased by 800% during the pandemic. This attack technique uses malware to encrypt a victim’s entire computer system, leaving it inaccessible unless a ransom is paid. Some estimates suggests that companies fall victim every 11 seconds in 2021 at a cost of more than £14b worldwide.⁹
• Cloud breaches: Cloud-based IT services can also offer cybercriminals a fruitful opportunity and the theft of data through cloud breaches is expected to rise with the shift to remote working. That’s because, while cloud infrastructure itself is secure, customers are often responsible for setting up and configuring their own cloud security, and configuration errors can leave businesses vulnerable.⁹
• User device targeting: Employees working from home often use personal devices that are not secured through the corporate network. These devices can be easily accessed by hackers, viruses give them new routes past business cyber security controls, which can lead to disruption and potentially disastrous data leaks.⁹
• Supply chain attacks: These attacks involve hackers targeting one business in order to gain easier access to the systems of its customers or suppliers. These attack types are also on the rise and can be particularly damaging for the business through which access was originally gained. As well as recovering from the attack, they could also suffer from lost customers and reputational damage.⁹

All these cyber risks are potentially heightened by poor remote working security, it’s vital to take steps now to review and strengthen any steps businesses have taken to defend against them.

Defend against cyber security threats

There are a number of steps that businesses can take to reduce remote working cyber threats, or to minimise the damage if the worst should happen. They include:

• Carry out a cyber security review: A cyber security review is a detailed process of identifying potential threats and their impact, assessing existing cyber security to look for weaknesses, and then acting to address them.¹⁰ Often carried out by independent experts, these reviews are essential for maintaining robust cyber security and are a vital first step for any business that has recently implemented remote working.
• Implement user awareness training: Educating users in cyber security is also essential. Many attacks rely on tricking users into clicking on malicious links and attachments in emails. User awareness training can help employees to spot and avoid potential cyber threats, which in turn helps to strengthen the organisation’s overall cyber security.¹¹
• Implement multi-factor authentication (MFA) measures: MFA is essentially a way of strengthening the user login process. It can be particularly useful in securing remote working systems by requiring every log in to be authenticated via a code sent to a second device. The use of two-factor authentication rose by 18% in 2020 and was in use by 82% of businesses.⁵
• Look into advanced cyber security technologies: Some of the latest cyber security systems now employ machine learning to make defences more effective and simpler to maintain. These systems essentially learn how cyber criminals operate and adapt security protocols automatically. This can help organisations keep pace with rapidly changing cybercriminal techniques.¹¹
• Review cyber insurance arrangements: Unfortunately, it’s a fact of life that no business can entirely eliminate cyber risk, and that is why cyber insurance can be so important. It is there to step in if the worst should happen, helping with legal costs and damages, computer system clean-up and repair, and other costs associated with rectifying the issue. It’s not escaped the attention of UK businesses, with 43% planning to take out cyber insurance this year, compared with 32% in 2020.¹⁴

Futureproof your cyber security strategy

Our Resilience Hub has a number of tools to help you reduce your cyber risk exposure, such as:

• cyber security glossary
• how to spot a phishing email interactive test
• cyber risk exposure calculator.

We also recently partnered with Connectus, a specialist IT and cyber risk consultant, to help businesses safeguard their systems, networks and programs from digital attacks. Working with Connectus we are able to offer a menu of tailored cyber and IT solutions, including:

• complimentary IT and cyber review
• cyber audit
• added value services such as fibre connectivity, cyber protection software and IT support.

You can find out more about this exciting proposition here. Alternatively, contact your Marsh Commercial advisor or find a cyber insurance expert near you to discuss.

 

^Sources: 

<sup>1. https://news.sky.com/story/covid-19-8-4-million-were-working-from-home-last-year-as-pandemic-struck-12309068
2. https://www.consultancy.uk/news/26508/bosses-hope-to-extend-remote-work-productivity-boost-beyond-pandemic
3. https://www.bbc.com/worklife/article/20200824-why-the-future-of-work-might-be-hybrid
4. https://www.bbc.co.uk/news/business-54413214
5. https://www.securitymagazine.com/articles/93722-uk-sees-a-31-increase-in-cyber-crime-amid-the-pandemic
6. https://www.techrepublic.com/article/how-remote-working-poses-security-risks-for-your-organization/
7. https://www.theguardian.com/technology/2021/jun/17/ransomware-working-from-home-russia
8. https://www.getgds.com/resources/blog/cybersecurity/6-cybersecurity-threats-to-watch-out-for-in-2021
9. https://en.wikipedia.org/wiki/Supply_chain_attack
10. https://wizardcyber.com/assessment-services/cyber-security-review/
11. https://financesonline.com/cybersecurity-trends/
12. https://www.onelogin.com/learn/what-is-mfa
13. https://www.marshcommercial.co.uk/for-business/cyber-risks/
14. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021</sup>

^MC210924694