07 Apr One of WFH’s biggest losers: Cybersecurity
Nearly half of businesses say work-from-home policies have hurt their cybersecurity practices, according to Verizon’s (More than one in five companies surveyed said their mobile-device security was compromised, involving the loss of data or operations disruptions in the preceding year. And two thirds of respondents said that mobile device-related risks increased in the past year. “Companies are still failing on the basics,” the report said, which include such simple protections as encrypting sensitive data across open, public networks and restricting access to data on a “need-to-know” basis. Bad guys get smarterAnd even as companies scramble to improve their cybersecurity practices, bad actors are upping their own games. “[Cybercriminals] are getting increasingly creative at finding new ways to fool users, break through companies’ defenses and compromise organizations’ systems and cloud-based apps,” the report states. Mobile phishing attempts, for example, increased by 364% in 2020 compared to the prior year. And while phishing — an attack wherein bad actors impersonate a legitimate company, service or person in order to steal sensitive data or install malware on a user’s device — presents a huge threat, almost half of US employees don’t know what it is, according to a separate study from security software firm Proofpoint. That suggests companies still have much work to do in equipping workers to avoid threats. There are a range of steps companies can take to protect themselves, and many services available to help with this. But some firms just need to start with the basics: Nearly half of companies don’t give employees regular training on mobile-device security, according to the Verizon report. “Teach your employees how to spot signs of phishing—being suspicious is good,” it states. That should include checking that email addresses match who they purport to be coming from, watching out for misspelled links in emails and being suspicious of incoming phone calls from unfamiliar numbers. “And, of course, it should be a rule to never supply login credentials or personally identifiable information in response to any emails or calls,” the report states.