One of the most immediate consequences of Covid-19 has been the rapid global shift towards working from home where possible.
This move to digital remote working gives rise to countless questions and challenges, many centring on employee and device safety and security. According to EY, 77% of organisations want to move beyond having basic cybersecurity protections.
“Cybersecurity has therefore become a board-level issue for businesses,” says Sarah McNabb, Market Advisor, Digital Technologies at Enterprise Ireland UK.
“Once a reactive issue, this is rapidly becoming a proactive concern, as companies race to ensure devices are safe and home WiFi connections are secure, while employees are well trained and understand the risks of phishing and cyber-attacks.”
During these uncertain times, Irish cybersecurity companies can offer innovative solutions to the challenge of managing a remote workforce. Many are free or open to all, including:
- CWSI’s Secure Remote Working Hub
- Cyber Risk Aware’s free Covid-19 Phishing Test & Training
- Sytorus’ free trial of their Privacy Engine Tool Privacy Engine Tool.
Read on to discover best practices and advice from some of the Irish companies that can help your employees work from home safely and securely.
- Edgescan: continuously monitoring threats
Remote working must happen over a VPN or similar solution to help ensure secure, encrypted communications, says Eoin Keary, CEO and founder of Edgescan, an award-winning vulnerability management service (SaaS) and one of Ireland’s largest cybersecurity exporters.
“Access to network systems in the office should be on a least-privilege basis and if your organisation has a Network Authentication Server (NAS), make sure it’s configured and enabled appropriately,” he says.
Appropriate patching and anti-virus measures should also be enabled on employees’ computers, he adds, to prevent viruses spreading into the office network once people return to the office.
Edgescan helps its clients worldwide to understand, prioritise and mitigate cyber security risks on a continuous basis, including when offices are closed and employees are working remotely.
- CWSI: ensuring secure enterprise mobility
The rules governing data security and cybersecurity don’t go away just because people have to change how they work, says Philip Harrison, CTO and co-founder of CWSI, which specialises in secure mobile and workforce solutions and works with many large organisations from its offices in Dublin and London.
“The cyber-criminals and hackers certainly aren’t taking a break to let us all adjust, so more businesses are more vulnerable than ever,” he says.
A core tenet of any information security management system is that your security or compliance is not weakened during a business continuity or disaster recovery scenario.”
Two-factor authentication, he adds, is critical to protect corporate data. Businesses should also ensure mobile devices are secured with a mobile thread defence (MTD) solution.
Employees should be encouraged to report security incidents to IT while they’re working from home and to be vigilant about keeping data secure at home, even through simple steps such as locking their screen when they walk away.
- Cyber Risk Aware: training on cyber security in real time
Using VPNs and patched applications on encrypted up-to-date devices is critical to security for remote workforces, agrees Cyber Risk Aware’s CEO and founder Stephen Burke, himself a former chief information security officer (CISO).
These devices should be company-issued, with password-protected and encrypted files and data, he says. “I know what it’s like being on the inside defending a network. Personal accounts and devices can really leave a business insecure and vulnerable to cyber attacks,” he says.
Clear, secure lines of communication are also critical, he adds, advising companies to avoid channels such as social media and Whatsapp when working with sensitive data. Likewise, businesses should avoid ‘shadow IT’ or the unauthorised downloading and use of software and systems.
Cyber Risk Aware is the only company in the world to offer a real time cybersecurity awareness training platform. It helps companies worldwide assess and mitigate human cyber risks, the root cause in over 90% of security incidents, by running simulated phishing attacks, assessing cyber knowledge to locate risks within a business and providing security awareness training content when needed.
- Sytorus: specialising in data and privacy management
Companies and organisations around the world have been urgently seeking information on minimising the risk of data breaches or employees getting hacked while working from home. So says John Ghent, CEO of Sytorus, which offers a SaaS privacy management platform and is a global market leader in data protection and privacy management.
“Many people newly working from home are likely to have smart TVs, gaming platforms, and wireless routers, with some also having Internet of Things (IoT) devices installed,” he says.
“All these can add complexity to the security challenge and vulnerabilities to the network, and home networks are not usually sufficiently protected.
Ghent advises organisations to update their remote access policy or develop one if none is in place, and to ensure all staff complete a full cyber security awareness programme (covering topics such as malware, acceptable use and device security) and understand the high risk of Covid-19 related phishing emails.
- TitanHQ: protecting higher education and business
Along with businesses that must suddenly enable remote working, universities and colleges that now have to facilitate remote lectures and study must also be mindful of coronavirus-related cyberthreats, says Ronan Kavanagh, CEO of TitanHQ, a multi-award-winning web filtering, email security and email archiving SaaS business.
“We have seen massive demand so far this year for two products in particular that can be rolled out seamlessly to remote devices,” he says.
“These are SpamTitan cloud-based email security, which protects students and staff from the newest iterations of phishing attacks, and our AI-drive DNS security product, WebTitan. Combined, these create an umbrella layer over all students and staff protecting their devices.”