The global migration to remote working has made businesses realize its many benefits, but cybersecurity is one antithesis that needs urgent addressing.
COVID-19 has accelerated the introduction of remote working (or work-from-home) by at least five years for 62% of organizations in the Asia Pacific (APAC) region, according to a new study by Barracuda Networks.
This is the case particularly in the legal (75%), human resources (75%), education (67%), and travel & transport (67%) industries.
The APAC study, conducted by independent research agency Censuswide, involved 1,055 business decision makers in Australia, New Zealand, Singapore, Hong Kong and India in July 2020 to gain insights into the current mindset of business leaders about the opportunities and challenges regarding future of work trends resulting from the COVID-19 pandemic.
One of the key findings is that the mindset of business leaders in the region has now shifted to optimism, with 82% planning to keep remote working in place for employee productivity and business continuity (once the pandemic is over) for a more flexible and hybrid workplace.
This is a significant shift in thinking among business leaders in APAC as they realize the positive impact a remote-working model has had on overall business productivity. Many had been forced to accelerate their digital transformation and cloud adoption efforts to support this shift, which is putting them in good stead to recover from COVID-19, as well as create a new future for their business.
However, despite the positive impact the shift to remote-working has had on organizations in the region, multilateral security challenges have also accompanied this shift, with many organizations not totally aware of the risks involved.
According to Barracuda’s VP of APAC, James Forbes-May, the results show that businesses across the region are committed to pushing forward with their digital transformation plans, and thereby embracing the power of the cloud in order to aid their business growth strategies. “This is encouraging during these increasingly-difficult market conditions. The results also indicate, however that widespread remote-working from COVID-19 poses additional cybersecurity risks, leaving many businesses vulnerable as they focus their attention on business continuity.”
DX has fueled intense cloud adoption
According to the study, COVID-19 has been the catalyst for 75% of organizations in APAC to
accelerate digital transformation (DX) plans in the next six months to ease the burdens placed on the
traditional business model by remote working.
A key component of this transformation is cloud computing. On average, 69% had fast tracked plans to
move all data to a cloud-based model, particularly in the IT and telecommunications (81%), manufacturing and utilities (76%) and healthcare (74%) sectors within the region.
About 74% believed this shift will help reduce overall IT costs to support business growth. The net result is an increase in overall business productivity for 63% of organizations in APAC since the shift to a distributed workforce.
Remote working presents multilateral security challenges
The study indicates that 51% of organizations in APAC have already had at least one data breach or cybersecurity incident since shifting to a remote-working model, with 49% reporting that employees had experienced an increase in email phishing attacks. Also, 45% of organizations expected an incident to occur in the next month, and 61% were concerned about unknown threats that will cause business disruption in the next six months.
Alarmingly, 46% of organizations in APAC did not have an up-to-date cybersecurity strategy and solutions in place that cover all the vulnerabilities posed by full-fledged remote-working. This was made more difficult by 63% allowing employees to use personal email addresses and personal devices to conduct company work.
Maintaining safe security practices is always essential, but this is a step that is easily overlooked in the frantic rush to get everything set up to support remote-working. More employees working from home means that more devices are connecting remotely, outside of the secured corporate network. It is critical to understand what remote workers are doing with data that is rapidly going out of corporate network control. Such vigilance is needed in order to make data more effective and more secure.
“While many companies in the region were already used to facilitating remote-workers, the scale required due to the pandemic has left many company CIOs and IT departments overstretched, as they jostle with business continuity planning as the key priority. This has left a lot of businesses vulnerable, as they are focused on surviving the crisis with resilience planning,” said Forbes-May. He reiterated that, for remote workers who are using corporate-owned laptops, secure internet access is key. “A user who accidentally navigates to (a malicious website) can release destructive malware into the remote device and then into the corporate network. IT admins need to be sure that they have a web security solution in place that can prevent their remote users from accidentally downloading malicious content.”
Inappropriate web browsing on corporate devices can also result in company-wide consequences. When individuals are using their devices at home, IT does not have the same visibility or control over web activity that they would if everyone was in the office. Remote users can violate technology usage compliance by browsing the web with no access restrictions, resulting in lost productivity and potential legal implications.
The attack numbers are real
The APAC study highlights that most businesses are allowing staff to use personal email addresses and devices for work, which adds an additional layer of risk, as such email addresses are often unmonitored by IT personnel and departments, and so can be more vulnerable to attacks.
Unfortunately, in any crisis situation, there are always those who would seek to prey on the weak for their own financial gain. Said Forbes-May: “Earlier this year we saw a staggering 667% in the number of phishing attacks targeting businesses using COVID-19 themes including scamming, brand impersonation and business email attacks. The goals of the attacks range from distributing malware to stealing credentials, and financial gain.”
Train staff to be security conscious
As always, a corporation’s people are its first line of defense, whether they are working in the office or doing so remotely. Making sure that teams have the right security awareness training to understand, identify and report potential threats like suspicious emails, will be key to keeping the main systems and data protected.
Forbes-May has the following advice: “Making sure you have distinct security protocols and policies around remote-working is key to promoting the right kind of employee behavior online. Also, encourage employees to practice good cybersecurity hygiene, like making sure their home WiFi connection is secure. Never leaving written passwords out where they can be seen, and regularly-updating devices with the latest OS and security patches, can go a long way in helping your team to stay safe.”
All these standard best-practises should of course be underpinned by a watertight web security solution to help reduce the likelihood of a data breach or cybersecurity incident, said Forbes-May. “The solution allows you to apply and update security policies remotely; scan files and monitor downloads, website visits and remote devices for malware. Employing the most up-to-date technology to detect and combat a wide range of threats, including spearing phishing and other social engineering threats, will give you peace of mind, knowing your employees have the best possible protection while they go about their daily work.”