Cybersecurity an afterthought for businesses during the pandemic, study suggests

Cybersecurity has become an afterthought for commercial clients amid the coronavirus pandemic, with companies not implementing enough safeguards for employees working from home, a new report warns.

Not only are few companies providing employees with company devices so that they can safely work from home during the coronavirus pandemic, but even fewer are providing employees with guidance on how to work securely on their personal devices, according to the report from cybersecurity company Kaspersky.

Those working for smaller businesses (57%) were less likely to receive a company device for working remotely from home compared to those employed by companies of different sizes (45%), according to the survey, How COVID-19 changed the way people work.

Nearly three-quarters (73%) of employees said they’ve received no additional security awareness training after they made the move to work from home full-time. The survey also found that only one-third of small business staff (34%) reported being given any IT security requirements in order to use their personal devices — be it a personal computer, laptop, tablet or smartphone — securely while working.

Kaspersky noted such recommendations could include that staff:

• ensure they have an anti-malware product installed (or provided to them by the company)
• use strong and unique passwords on their devices and WiFi routers
• regularly update their devices’ operating systems in order to reduce risks from unpatched vulnerabilities.

iStock.com/iLexx

It’s important for employers to give these types of instructions to their staff, Kapersky noted, because 35% of small business employees reported that they’re now storing more valuable corporate information on their home devices. Twenty-five percent said they’re also using personal cloud storage systems to keep information.

Furthermore, 27% of respondents said they’ve received a malicious email related to COVID-19 while working from home. “Scammers may be trying to prey on worried workers who want to learn more about the coronavirus pandemic, as well as potentially vulnerable corporate networks while staff are stuck at home,” the report said.

It’s not a big surprise that cybersecurity becomes an afterthought in times like this, said Andrey Dankevich, senior product marketing manager for B2B product marketing at Kaspersky. The pandemic has backed companies into a corner, as they look for ways to survive a potential downturn, and so their first thought is how to keep the business running and staff employed.

“However, implementing even basic IT security requirements can decrease the chances of malware infection, compromised payments or lost business data,” Dankevich said. “Moreover, there are plenty of recommendations already given by cybersecurity experts that businesses can share with their employees to help them keep their devices safe. And of course, the requirements should be followed not only during home isolation but continued when staff work remotely in the future.”

Kaspersky provided the following tips for employers to protect employees working from personal devices:

• Home devices should be protected with an antivirus solution.
• Device operating systems, as well as applications and services, should always be updated to the latest versions.
• Password protection should be switched on for all devices including mobiles and WiFi routers. If a router has a default password, it should be changed to a new and strong one. The password manager feature in a security solution helps to generate and store unique and strong passwords for every account.
• Home WiFi connections should be encrypted, ideally with the WPA2 encryption standard. This can be done in router settings.
• A VPN should be used if an employee is using unknown WiFi hotspots.
• Use a security solution that enables device and server encryption and creates backups for all corporate data; this will help to restore data quickly in case of a ransomware infection.
• Provide employees with a list of reliable cloud services they can use to store or transfer corporate data.
• Conduct basic security awareness training for your employees. This can be done online and should cover essential practices, such as account and password management, email security, endpoint security and web browsing.
• Ensure your employees know who to contact if they face an IT or security issue.

Feature image by iStock.com/matejmo