Financial services firms are being warned of the cybersecurity risks of homeworking as new government figures show the number of businesses suffering breaches or attacks is on the rise again after falling for two years in a row.
The Cyber Security Breaches Survey 2020 shows that almost half of businesses (46%) had suffered incidents in the past 12 months – up from 32% the previous year – and of these, around a third (32%) were experiencing incidents at least once a week. The average cost of an incident to companies is now £3,230.
According to a leading cyber expert, the number of incidents is likely to rise still further due to the sudden increase in homeworking, posing particular risks for financial services firms. Tim Thurlings of bluedog Security Monitoring says: “These figures show that cybersecurity is an ongoing problem for businesses at the best of times. While many companies are accustomed to having some staff working remotely, the sudden switch to homeworking will have tested their contingency plans and it is clear that many are not fully prepared. Obviously firms have been doing their utmost to maintain services to customers but they now need to address any compliance issues.”
Tim outlines a number of key challenges:
- Use of personal devices – the latest figures show that in over half of businesses (53%), staff regularly use their own laptops or other devices. This is ongoing challenge for companies which cannot be sure they are updated and secure. Tim says: “Staff bringing their own devices to work is one thing, but it is even more risky if they are using them outside the office environment as companies have even less control.”
- Use of home internet – many companies are ‘whitelisting’ employees’ home IP address to allow them to access company systems from their home internet connection, instead of using a VPN (virtual private networks) connection which is much safer. “This means that every device connected to the network – such as the family’s mobile phones and iPads – could potentially access company data,” says Tim.
- Photos on social media – exchanging pictures of their new workplace on social media may help keep up morale, but it can also give away valuable clues to hackers. “Home photos can provide a lot of information about the workstations, devices and operating systems people are using, giving cybercriminals valuable clues about the best ways to break in.”
- Video conferencing – the rise in the use of systems such as Microsoft Teams and Zoom creates a number of potential problems. Even where systems are secure, there it raises privacy issues about operators’ use of data.
The latest Cyber Security Breaches Survey, which is produced by the Department for Digital, Culture, Media & Sport, shows that the nature of attacks has changed since 2017, with more businesses experiencing phishing attacks (86%), and fewer viruses or other malware (16%). They also reveal that while 88% of businesses have malware protection in place and 83% use firewalls, only 38% use cybersecurity monitoring.
Bluedog, which provides remote monitoring services, recently launched a virtual Office365 monitoring service as a low-cost way for firms to monitor threats from remote workers. Tim adds: “The figures demonstrate that traditional security measures such as firewalls and malware protection are no longer enough to stop the attackers. The majority of attacks now involve ‘social engineering’ – persuading employees to open an email or download an app. People are the weakest link, and the rise in homeworking will only exacerbate this problem.
“Companies need to take their security to the next level with 24-monitoring services, which will detect threats entering or already inside the network. This will ensure that any problems are identified and contained as quickly as possible with minimal impact on the business.”