With COVID-19 as an ongoing threat, people have moved to remote work at home more than ever before. Many have made this change unexpectedly, feeling their way in a process they weren’t planning on adopting. For those who didn’t work remotely before, adapting to the new scenario while maintaining productivity and well-being have been common priorities. Managers and CEOs have been working to set up protocols and smooth the process for their employees making this shift. Other businesses don’t have the luxury of working from home, and are struggling to hold things together under new social distancing restrictions. But in all this readjusting, one thing often gets forgotten: cybersecurity. And cyberattackers have taken note of that. This is the perfect setting for hackers to take advantage of people not only navigating new terrain at work, but often caught up in political and social turmoil as well. That’s why now is the worst time to overlook your organization’s cybersecurity risks.
Increasing Work Agility
In a study based on O*NET data from the U.S. Department of Labor, University of Chicago researchers Jonathan I. Dingel and Brent Neiman found that 37% of jobs in the United States can be plausibly carried out at home. While this number shows remote capability, it’s rarely reached under normal circumstances. Surveys suggest that in 2018, less than 25% of U.S. workers did any work from home, and those that did only relied on the home environment for a portion of their work. Within the tech field specifically, a Microsoft report shows 89% of their of customers moved most of their employees to remote work because of the pandemic—but only 54% of chief information security officers said they were adequately prepared for this in their operational resilience plans. So Americans are becoming more flexible in their work location and habits, to the extent that their jobs allow, but their security often isn’t set up to cover that new flexibility. Increased online and digital work must be accompanied by better cybersecurity—or businesses will face even bigger struggles than they already have.
Cyberattacks Increasing Too
The Federal Bureau of Investigation (FBI) has called cyber fraud the ‘other’ coronavirus crisis, noting that “the COVID-19 pandemic provides criminal opportunities on a scale likely to dwarf anything seen before.” These opportunities take many forms. The typical phishing campaigns are ramped up to falsely appeal to people’s needs for health information and coronavirus data. Just as false information spreads through social media, lures toward phony medical treatments or investment offers make their way through telephone and email scams. Fake bills arrive, identities are stolen, malware is implanted in COVID-tracking apps. And ransomware, which was already increasing before COVID-19, can now capitalize on people’s desperation even more.
Weighing Costs and Risks
It’s estimated that 43% of of all cyberattacks target small businesses, which are also the types of organizations that are most likely to overlook cybersecurity. Often those leading these smaller organizations think they aren’t large or well-known enough to attract cyberattackers. Or, they operate on limited budgets and don’t see cybersecurity as an immediate concern. But protection from these growing threats must be taken into budget considerations, since the risk that accompanies neglect is very high. Data breaches in 2019 cost businesses an average of $200,000, and 60% of small businesses who suffer attacks end up having to close down. With such losses already looming because of the health crisis, businesses cannot afford to take this risk as well.
Addressing Cybersecurity Risks
On a more positive note, this current crisis can be a chance to strengthen a business. Adjustments in work practices have already shown that many companies can be flexible and learn to operate in new ways. Now is the time for business leaders to think creatively: how might remote work create savings that can be redirected toward cybersecurity? Perhaps reduced office space or streamlined productivity can reallocate funds where they are most needed now, without having to spend extra. Maybe budget resources previously set aside for team events can now be used to keep the team free from security breaches. And, a careful look may show that your business already has the prerequisites for strong security but hasn’t yet implemented them properly. Many companies working with Microsoft 365, for example, already have the licensing and tools they need, but they haven’t taken the time to set them up or learn how to make the best use of them. If you’re using Office 365, this would a great time to take a look at the benefits of various Microsoft 365 plans, which include much stronger security packages.
Security Resources and Offerings
As Microsoft Gold Partners, we can help you start strengthening your cybersecurity today, with what you already have—or revamp your security with the knowledge and resources that are crucial in today’s environment. Here are a few of our resources you can take advantage of:
- Read some of our best security tips for Azure and Microsoft 365.
- Check out our security accelerator packages designed to give you the strongest security quickly and easily.
- Get a free cybersecurity assessment or vulnerability scan.
- Don’t overlook internal threats either—see what’s available in Insider Risk Management.
- Contact us to learn about our Secure Intelligent Workplace offerings and insights.