Cybercrooks weren’t struggling when the pandemic started – in fact, cybercrime was accelerating heading into 2020. But when the combination of lockdowns and broadband ubiquity drove businesses into makeshift networking environments, cybercriminals’ eyes filled with big, fat dollar signs. And they’ve been cashing in ever since.
Remote Work Is Here To Stay
It’s clear that the shift to remote work has permanently altered business models. Most are adopting permanent work-from-anywhere or hybrid models that allow for at least some level of working from home. That means three things:
1. Continued disruption in real estate markets. People are fleeing high-cost areas looking for homes with a home office.
2. A constant stream of video-from-anywhere communications. No longer belonging to the realm of Sci-Fi, this is a permanent fixture of 21st-century society.
3. Employees use a range of devices and networks. The range of connections used by employees to do their jobs will continue to diversify.
Increased Risk Is Along For The Ride
Every device and network connection provides an opportunity for cybercrooks and risks for your clients. One obvious and immediate need is for endpoint backup and protection. In previous Cyber Resilience Zone blogs, we covered endpoint backup and provided some considerations for choosing an endpoint backup provider partner. We also dug into how endpoint protection (EPP) can protect your clients in this emerging world of hybrid work, along with more considerations for choosing an EPP provider.
Cyber hygiene and educating employees on all the threats that target them is just an important, though. Given the prevalence of human behavior in successful attacks, security awareness training [CF5]is essential heading into 2022. Your clients are likely aware that phishing has become a highly successful threat vector, but they may not be aware of all the other threats that employees (and owners!) need to learn about, including:
- Third-party charging devices
- Removeable media
- Passwords
- Multifactor authentication
- Public or otherwise unsecured Wi-Fi
- Social engineering
- Cloud security
- Mobile security cyberthreats lurk in hardware, cloud applications, social networks, websites, software applications, email, SMS messages and more.
Most importantly, security awareness training works. It cuts click rates by up to 50 percent with just 12 weeks of tutorials. It also takes the heat off endpoint protection, as companies with security training experience 12 percent less malicious software than those that rely on endpoint protection alone.
Takeaways
Engaging your clients in discussions about the need to budget in EPP and security awareness training for 2022 should go hand-in-hand with discussions about their ongoing remote work plans. More connections from more employees means more risk, period. Luckily, there are tools that help keep businesses secure.