The coronavirus pandemic without hesitation pretty much obliterated ‘business-as-usual’ and allowed very little time for companies to plan for an enforced remote working making organisations vulnerable.

The result? – Many businesses had to find work arounds to maintain business operations.

The consequence – Security policies were difficult to adhere to with business continuity taking priority. This meant that an organisations’ cyber postures were weakened, due to a lack of visibility in to their new network and its vulnerabilities.

The rise of the opportunist

The war between cyber security and those trying to exploit it is constantly raging. Security companies and expert individuals innovate and develop around the clock to ensure when new vulnerabilities are identified, the spotlight is shone directly on to them, ensuring they can continue to be defended against going forwards.

When the environment changes or is impacted by external (or internal) influences, the new landscape needs to be understood and secured. This gap in time between the change and the securing provides an attractive opportunity for the opportunistic malicious actor to exploit the gap in defences.

It’s imperative that when these changes occur and especially when they cannot be planned for, they’re understood, scoped and secured as quickly as possible to ensure remote working does make your company vulnerable.

As the old saying goes: ‘You can’t secure what you can’t see

Visibility is the key to security, once you understand the architecture, systems and processes, you need to secure and you can construct a robust strategy to do so.

But what if you can’t?

The immediate shift to remote working means a majority of business connections now lie outside of normal working estates. This means that unless the correct policies, systems, architecture and technology is in place to work securely in that way, there are blind spots.

Business policies that were made with a largely office-based workforce in mind, will need to be reviewed to ensure they are suitable and sufficient. The way users connect to systems may have changed and it’s vital that these new connections are understood and secured. The change of architecture needs to be understood, users are now working from home, meaning they are no longer connecting via your office network, at a minimum the endpoints need to be secured, but secure connections are just as important.

All of the above relies on visibility and your understanding of the situation, environment and your users, to make informed security decisions and ensure remote working doesn’t leave you vulnerable.

User error accounted for 90% of cyber data breaches in 2019

With data taken from the Information Commissioners Office (ICO) and analysed by CybSafe, 90% of data breaches were a result of human error, this is up from 61% and 87% in 2018 and 2019 respectively.

With this in mind, user training requirements need to be understood and met, as a priority.

With a new way of working, which potentially involves the use of new technologies (E.g File sharing or communications) users need to be aware and up-skilled on the new threats they face and how to carry out their role securely.

Clear communication and explanation on new company security policy’s must be provided, with the opportunity to receive feedback and concerns to ensure no stone is left unturned.

The problem with uncertainty, ambiguity or a lack of clarity is that users will try to find work arounds. Users will use different communication channels, file sharers etc, that sit outside if approved company policy. This is often done with best intentions, as a means of being more productive, but the reality is that these choices can cause damage. You need to understand their requirements and cater for them to ensure security policy is upheld.

What do you need to do to ensure you do not fall in to the category of remote working has made companies vulnerable? Click Below

Top three Security considerations with a remote workforce.

Sign up for ‘NCL Insights’

Your trusted source for innovation, technology insights, and market trend analysis.

Why Choose NCL?

For over a decade, we’ve developed a strong reputation amongst our customers and partners for consistently delivering services which help businesses perform optimally and securely. This is why the relationships we’ve developed over the years have become long-standing and deeply trusted.

We’re very proud to have provided continuous IT support to the MoD for over 12 years. This length of service is a testament to the trust the MoD place in our people to deliver results, time and time again. Today, we provide situational awareness of the MoD’s globally-deployed application performance while assisting in troubleshooting issues and collaborating with other delivery partners to solve problems faster.

The lessons we’ve learned in Defence are applied to our engagements with customers in the enterprise sector too, ensuring robust network and cyber management for medium to large scale organisations. We use our long-standing experience in end-to-end performance management as a foundation for all of our services, so we can better define a customer’s complete requirements and deliver a more effective solution, whatever the field of technology. Offering market-leading technology and trusted managed services from ‘Floodlight’ - our own UK sovereign SOC, we work closely with customers in Driving Digital Vigilance across industry sectors.

NCL ‘Industry Insights’ Monthly Newsletter

The NCL monthly newsletter will provide a concise roundup of all the need to know information for IT teams and leaders.