With the computer and IT being the sector with the largest proportion of firms seeing an increase in cyber threats while working remotely, medical and health comes just behind in second with 73%, followed by accountancy, banking and finance (67%) and charity and voluntary work (62%).
Despite the seemingly increasing dangers to networks and devices within computer and IT while working from home, 85% of companies in this sector said that they would consider a permanent WFH model.
Marketing, advertising and PR, as well as recruitment and HR, also seem mostly positive about possibly working remotely on a permanent basis, with each sector having 79% of companies declaring possible consideration.
How to empower a remote workforce in the long-term
At the other end of the scale, travel and hospitality was found to be the sector with the lowest proportion of companies seeing a cyber threat increase (31%), as well as having the lowest proportion that would consider permanent WFH (23%).
Similarly hesitant sectors when it comes to possible permanent WFH were found to include charity and voluntary work (25%) and legal services (28%).
In terms of what kinds of cyber attacks companies have been concerned about, 96% cited ransomware as a major concern, followed by crypto jacking (74%) and phishing (67%).
Staying safe and reducing cyber threats
Darren James, cyber security expert at Specops, provided the following five pointers for staying protected from cyber threats:
- “Make use of tools that can check your current passwords for ones that are on existing breached lists. Encourage users that are using breached passwords to change them.
- “Encourage the use of passphrases, e.g. 3 random words, block the use of any breached passwords, and if you are planning on increasing expiry times to avoid the ‘cached password’ issue, look at using these longer expiry times as a way of rewarding the use of passphrases. Also, consider reducing complexity as a balance for increasing the length to try and avoid users writing passwords down on post-it notes.
- “Another common attack vector post-Covid, are social engineering attacks on service desk staff. Users are no longer able to visit IT departments in person, and may be calling from public numbers rather than internal, so making sure that your service desk is actually speaking to ‘Susan from Accounts’ and not a hacker is very important — the days of being able to ‘recognise the voice’ isn’t a viable option any more.
- “Don’t forget to enable disk encryption on all devices that handle corporate data, this includes mobile devices, and use restrictions to block logins from disallowed countries or non-compliant devices.
- “Don’t forget the basics; make sure you have backups of all business-critical data. Make sure you test the backups, and make sure you store those backups in a secure location and in an encrypted state. Review permissions to sensitive data both in the cloud and on prem, to make sure that the right people have the right access to the right data.”
Don’t build a maginot line of data security because without cyber security you are still vulnerable
The study from Specops, which surveyed 2,043 business owners across 11 sectors, follows a finding that 41% of employees from across various sectors have not been given adequate cyber security skills for remote working.