Navigating the Cybersecurity Challenges of the Return to the Office
The where of work is beginning to be characterized by three working models – fully remote, hybrid with employees splitting time between the office and remote and in the office full-time. While the COVID-19 pandemic challenged enterprises to securely support remote working at scale, now, more than a year later, they face cybersecurity challenges associated with millions of employees returning to the office in either a hybrid or full-time capacity. To support this transition, it is critical for enterprises to have a secure by design communication and collaboration platform.
A survey by McKinsey found that nine out of ten executives envision a hybrid working model going forward. And data from office security firm Kastle Systems of 3,600 buildings in the United States cited by a recent New York Times article indicated that about a quarter of employees across the country are currently going into offices.
IT leaders are concerned about the greater cyber risks associated with the mass migration of employees back into the office. A survey released by email security company Tessian found that:
- 56% of IT leaders believed their employees have picked up bad cybersecurity behaviors since working from home.
- 69% of the leaders said ransomware attacks will be a greater concern in a hybrid workplace.
- 54% of IT decision makers are worried that remote workers will bring infected devices and malware into the workplace.
These concerns are well founded. With devices moving in and out of enterprise networks under a hybrid working model and the greater reliance on unsecure collaboration apps and tools during the pandemic, employees returning to the office may unknowingly provide a gateway in for cyberattacks on corporate networks and systems.
According to the 2021 Thales Global Data Threat Report, a commissioned study conducted by 451 Research, globally, malware (54%) is the leading source of security attacks, followed by ransomware (48%), and phishing (41%). The report noted that “when it comes to how attacks occur; the message is clear: internal threats and human error are still of great concern to industry.” The report revealed that a third of businesses pointed to human error as one of the greatest risks to them.
Whether employees are remote, hybrid or in the office full-time, cybersecurity lapses can and will happen. Business Email Compromise (BEC) is one area where these lapses frequently occur. According to the FBI’s 2020 Internet Crime Report, the Internet Crime Complaint Center (IC3) received 19,369 Business Email Compromise (BEC)/ Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion.
BEC attacks involve malicious actors spoofing emails to make the recipient believe an illegitimate email is coming from within the company. While these types of emails look and feel genuine, they typically contain a phishing link, a malicious attachment, or a request to transfer money to the attacker.
The threat of BEC is especially prevalent when employees are distracted. Cyber criminals, aware that employees will be distracted in the transition to hybrid or fully in office work, are poised to take advantage of the situation with BEC attacks.
Built in an entirely open manner with a general lack of encryption, email is a primary attack vector for bad actors. From phishing to ransomware, email compromise represents one of the most dangerous cyber threats for enterprises.
At a time when employees are returning to the office and connecting to enterprise networks and systems, IT teams need to take steps to ensure cyber criminals are not exploiting the changing mix of remote, hybrid and in office employees.
While there will be a lot of security challenges associated with employees returning to the office, the security of communication and collaboration should not be one of them.
When it comes to secure communication and collaboration, enterprises should rely on an an entirely encrypted, secure platform like NetSfere. Encryption protocols built into the platform mean that the communication existing on NetSfere is validated from originator to receiver. And, because its only accessible to invited outside users, there are never any problems with spam.
NetSfere’s platform is also extremely difficult, if not impossible, to spoof which is vital to eliminating cyber risk related to human error. Cyber criminals attempting to break the encryption algorithm, would have less than three seconds to do so before the algorithm automatically changes. The computing power required to successfully spoof the platform would create enough heat to boil the world’s oceans.
Getting cybersecurity right with secure tools - tools that have security built in - will put enterprises in the best position to successfully navigate the challenges of employees returning to the office.
NetSfere, like other companies, is going through the transition of employees returning to the office with company employees working a hybrid schedule. Secure by design, we know NetSfere will hold up to the cybersecurity challenges whether the work is remote, hybrid or in office. That’s peace of mind.
Shouldn’t your enterprise have that same peace of mind?