Blog 18 December 2020

Avoiding a Cyber Nightmare Before Christmas

While 2020 is likely to be a year many would prefer to forget, the changes it has brought to our lives are likely to have lasting effects, even after COVID-19 is finally put to rest. One area of change has been work: Post-pandemic, half of British employees are demanding flexible working arrangements, with 30% prepared to quit should their employer demand a full-time return to the office, according to Kekst CNC’s COVID-19 Opinion Tracker.

For businesses, the temporary work-from-home measures put in place during the first lockdown have become semi-permanent. These arrangements, however, pose heightened cybersecurity risk, given that many employees are working from home via public networks, opening a path for hackers to install malware and ransomware and access sensitive data.

COVID-19 has opened the floodgates to cyber incidents: Over the past year, 98% of surveyed UK businesses suffered at least one security incident, with the vast majority of attacks related to employees working from home, according to the VMware Carbon Black Global Threat Report. This increase is mirrored in the rise of firms coming to us for cyber-crisis support, often through our insurance partners, where vulnerabilities accessed through remote VPNs have been the entry point.

Furthermore, stretched and faraway IT resources have resulted in a rise in “phishing” attacks, as employees click on emails that, in an office environment they might first have double-checked before opening: A recent false UPS email sent as a test to 85,000 employees was clicked through by 12.3% of them.

This week another risk factor comes into play: Christmas. With significant numbers of IT support employees taking more time off than usual due though built-up leave, businesses will be managing resources with even less support and cyber criminals will have even further opportunities to access systems with less scrutiny.

So, what are hard-pressed corporates to do with the holidays imminent and many more months of working from home looming ahead? First, check in with IT to make sure services are up to date and that remote security systems are in place, such as multi-factor authentication. This isn’t just an operational action – it’s the first question you’ll be asked by customers and media if something goes wrong.

Second, make sure your internal communications convey the increased threat and what employees working from home can do about it, including identifying the right channels for queries and escalation.

Thirdly, get your ducks in a row. If there is time, develop a crisis communications playbook. If not, know who has responsibility for responding to a crisis, how you will meet remotely, and who will communicate with each stakeholder group (making certain these have been identified and core contacts collated). And given that it’s Christmas, make sure the second-in-commands are in place – in the event your main point of contact is on a brisk Boxing Day walk or feeling the effects of a few too many sherries. Be aware of who manages social media, particularly if it’s an agency, and who the key contacts are. And if you’re undergoing a digital detox, make sure people know how to get hold of you if something does go wrong, even if that means calling your mother’s landline.

Christmas is supposed to be about time for family, fun and recharging your batteries – not worrying about work. This year, those aspects will be more important than ever. By putting a few simple measures in place, you can alleviate those nagging concerns – and come back refreshed in the New Year to tackle those bigger decisions about long-term flexible working.