With the roadmap out of lockdown now underway, many employees are set to return to the office either part-time or full-time. While this might be an exciting development for many, businesses need to be aware of the IT risks the return poses.
While companies may think they have good IT security in place, in lockdown employees have been swapping between devices, using USB media, and sharing devices with other family members as well as accessing their own IoTs devices, and all across a flat network. This is a problem because flat networks don’t have the same level of protection as corporate networks. So, it’s highly likely your employees could be walking back into your office with devices that have been loaded with malware, making your business vulnerable to hackers.
Phishing attempts have risen 600% since the end of February (Accenture) and malware has been on the increase since the start of lockdown. Since the start of the pandemic people have been targeted with sophisticated, highly emotional scams, for example, a WHO headed letter suggesting insurance against COIVD-19 is a good idea. And in a recent webinar poll, Ultima found 60% of IT staff say their remote end users don’t have next generation anti-virus tools on their end devices.
Scott Dodds, CEO, Ultima, says, “The risk is very real to your business with workers returning to the office. We’re noticing a new trend – hackers are now biding their time and using more advanced and persistent tactics to work out how to access corporate networks. They are dwelling on the device or system for long periods to monitor how it’s used. Once employees return to the office with a dormant infection on their machine it will then spread laterally across the corporate network, allowing the hackers to hold you to ransom.
“CEOs need to be aware of these risks and ask their IT staff what they are doing to mitigate them. We know many companies are tied into three-year anti-virus licensing agreements, but if their security is not offering next generation threat detection and response then they should be asking why not. The latest automated security tools hunt for threats across your organisation and network and help you shut it down before they cause damage or disruption,” says Dodds.
Most home office workers use a flat network at home – where traffic travels through one switch – so it is not possible to segment the networks into sections and prevent different users from accessing certain parts of the network. This results in threat actors and malware being introduced much more easily as they don’t have the same level of protection (proxy blocking and firewalls) that a corporate environment does.
If an employee or another home user is sent a scam email, for example, it might not be blocked at home. It is then difficult once the home network is infected for home users to remediate the situation as they usually have more limited access to help desks and technical staff. And where home users use USB media the chances of infection are even higher as the latest malware can ‘hop’ from one device to the next across the USB stick to a new device.