Remote Work Challenges: IT and cybersecurity risks

According to SHRM’s COVID-19 Business Index, almost three-quarters of US employees are currently working from home and globally, 25 to 30% of the workforce are estimated to continue working from home by the end of 2021 and post-COVID-19 according to Global Workplace Analytics. In fact, according to Gallup Research, more than half of the office workers surveyed would be willing to quit their job to take up employment that allows them to work remotely. However, as everything is settling into the new normal, there are numerous factors that IT professionals, VARs and technology service providers must consider when consulting their clients. We discuss what we consider the top 3 in this post:

  1. Comprehensive cybersecurity-focused business continuity and disaster recovery plans
  2. Reliable backups
  3. Develop strong remote security policies

Furthermore, the Official Cybercrime Report, published annually by Cybersecurity Ventures, estimates that cybercrime will cost the world $6 trillion annually by 2021, double the amount it was in 2015.  Ransomware, DDoS attacks, phishing, and other forms of cyber-attacks have become a lucrative industry for cybercriminals. And new coronavirus-themed phishing scams are leveraging fear, duping vulnerable people and taking advantage of workplace disruption. It comes as no surprise then that ransomware attacks have been linked to poor employee IT and security practices.

1. Comprehensive cybersecurity-focused business continuity and disaster recovery plans 

Comprehensive cybersecurity-focused business continuity and disaster recovery plans can ensure that you have the requisite resources to survive a ransomware attack. This means you should at the very least have a perimeter anti-malware system that can filter out malware at the edge of your network. If possible, it is advisable to implement multiple layers of defense such as firewalls, data encryption and complete backups of your IT environment. Should, for example, a ransomware attack occurs, you will be able to restore your IT environment to a point before the attack and so avoid paying the ransom.

2. Realiable backups 

Ransomware criminals often attack SMEs and SMBs. If you don’t have reliable backups and a business continuity plan or are still relying on a manual plan, it could take weeks – if ever – to recover your data and applications after an attack. The best way to fight off a ransomware attack is to avoid it completely. This means proper planning including conducting regular quarterly reviews of critical IT security aspects to diminish the chances of an actual attack. 

3. Develop stronger remote security policies 

Strong remote security policies are crucial not just as a long-term strategy but also as a way to combine cybersecurity defenses across the entire organization. Remote work security policies should be drafted, deployed and provide guidance to organizations from the standpoint of an attacker, which requires some creative thinking.

Ideally, an organization should mitigate the chances of an attack by implementing controls and technology. Plan4Continuity’s Cyber Security – Quarterly review plan, for example, sets out all the checks to prevent attacks from happening at all. These checks include, but are not limited to, identifying and reviewing critical systems, access rights and passwords, reviewing backups and backup data selections and performing a quarterly disaster simulation. 

Layman's Guide to
Business Continuity Planning