A recent survey show too many businesses are leaving employees to their own devices
The results of an independently commissioned research survey by Leeds-based Gauntlet Risk Management, published on April 17, suggest British businesses, currently operating through working-from-home employees, need to focus more on their cyber security and the possible vulnerabilities of WFHDs (Working From Home Devices).
41% of those surveyed said they believe more British workforces will become victims of cyber crime, specifically because of working from home practices during social distancing. This view is held by six- in-ten Londoners and 59% of those in the South East.
14% of interviewees said they, or a family member, is now working from home, with access to their work computer systems but without having had any check carried out by their employer to assess whether they have any anti-virus software or other cyber security measures.
Some regions have more cause for concern. 23% of those based in Northern Ireland and 22% of London-based employees have undergone no audit but are accessing work computer systems.
The feedback is worrying. Four-in-five interviewees (80%) stated that their place of work has no cyber risk policy or procedures in place in general, even before lockdown and nearly one in ten (9%) said the password to access the company wifi was common knowledge, prior to social distancing.
More than one-in-twenty (6%) in general and 14% of those from London said they regularly take part in video conferencing but never use a password to enter the virtual meeting. Another 4% (8% in London) said they do use a password but it is the same one every time.
Although there are 1.6m successful cyber attacks on small and medium-sized businesses alone in the UK each year and one small business is hacked every 19 seconds, coronavirus is perceived as a more likely threat. 47%of those living in the South East think they are more likely to catch coronavirus than be caught out by a cyber criminal. Over a third of Londoners (35%) feel the same.
And despite all of the publicity that has accompanied the growth of cybercrime, only 55% of interviewees know what a malware link is. One third (33%) did not know what phishing is and only 22% had heard of social engineering.
The lowest awareness of malware links was found in Northern Ireland (15%) and in the North East (16%). These two regions also came out at the bottom of the table for awareness of phishing, where 19% and 23% respectively know what this is.
One-in-eight people (12%) admitted that, in the past, they had innocently clicked on a malware link, but only 8%worry about making an error that could cause a cyber attack on their workplace.
Gauntlet Risk Management’s sales director, Andy Parkin, says: “The survey confirmed much of what we already felt would be the case in relation to cyber security in lockdown – that it is woefully inadequate and that employers have not been prepared, because in four out of five cases, they had no cyber security policy in place as their framework.
“Many workplaces were already exposing themselves through not having procedures to govern private devices used in conjunction with company systems. Now that hole in security has widened, as we have WFHDs linking into employers’ systems, on a major scale.
“With surprisingly high levels of non-awareness of criminal tactics such as malware links and phishing, we feel many businesses need to urgently get procedures in place but, more importantly in the short term, buy a cyber insurance policy that will step in to assist them, should the worst now occur. Cyber attacks can be hugely expensive incidents, even for small businesses, and this size of business often also lacks the IT support that can step in to try to get systems back up and running. The access to expertise, along with financial protection, which a good cyber insurance policy can provide, is worth its weight in gold for SMEs.”
Flexible working practices and Bring Your Own Devices (BYOD) practices were under the microscope prior to social distancing being introduced. Experts warned that all BYOD laptops, phones and tablets needed to be vetted and have patch, configuration and AV checks, before being allowed to connect to company systems.
Just one unsecured device can compromise an entire network and lead to data loss or criminal theft. Businesses are now trusting, rather than checking, that employees have strong passwords, up-to-date software, virus protection and honest family, friends and associates.
According to the National Cyber Security Centre, upgrading security when new software is available, is the most important thing to do, to help protect systems. Under lockdown, it is highly unlikely that this will happen across all devices with access to an employer’s network.
“Our survey results are published at a time at which Europol has issued an infographic explaining how to make a home a cyber stronghold and GCHQ has stated that cyber criminals are using the coronavirus pandemic as an opportunity to engage in more phishing and malware-related activity. British businesses should be very worried,” says Andy Parkin.