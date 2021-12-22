



Hybrid work can be done immediately out of the box and is irreversible.

As more companies adopt hybrid remote work structures, leaders need to be aware that they have opened some sort of Pandora’s box. Protecting your enterprise from cyberattacks is becoming increasingly difficult as your employees aren’t in a dedicated location and use an almost unlimited number of devices, networks, or Wi-Fi connections.

Talking to BetaKit, Andrew Milne, Chief Revenue Officer of cybersecurity analytics firm FieldEffect, explained how employees can partner with their employers to keep sensitive information safe.

Threat actors come downstream

The main concern pointed out by Milne is that threat actors are moving downstream from attacking only enterprises to supporting full-blown swift attacks. In particular, SMBs are often targeted because they often cannot invest the same resources as enterprises in cybersecurity, he said.

They don’t care if you’re a small business, Milne said. They tell you that you are doing business in some way that steals or steals money from your IP, finances, or your organization, or that you are part of the supply chain they can take. I care.

These downstream attacks also create what Milne calls a one-two punch of cyber attacks. It’s not just one person who breaks into your network and steals something. Currently, there are advanced service providers that invade, quietly scan data in the background, and sell that data (or intrusion service) to what Milne calls a low-threat actor. Then we will use the information they purchased to campaign against you.

To safely support hybrid remote workers, companies need to think about both levels and adapt to how their employees actually work, rather than forcing them to work in a particular way. There is, says Milne.

The Field Effects Guide on the Future of Cybersecurity encourages companies to educate them on new attack strategies such as:

Pandemic-themed social engineering scams: Pretend to have important news and information about COVID-19 at your company. Attacks on remote workers and their tools: Target one employee and invade the entire company. Cybercrime-as-a-service (CaaS): A fast-growing economy for buying off-the-shelf malware and hiring customer service personnel to make phishing scams look more realistic. New Extortion Strategy: Includes threats of privacy breaches that violate new disciplinary security regulations worldwide.

Employees can also step up to make sure they are doing their best to keep the company safe. The Field Effects Employee Cyber ​​Security Handbook recommends several approaches, including:

Recognize that all employees are involved in security: Everyone needs to pay attention to security, especially in remote work, as there are more points of attack than ever before. Get up-to-date on new attack techniques: This includes pandemic-themed scams, impersonating executives, and impersonating banks to make you think someone has hacked your account. Use basic cybersecurity best practices: This is for fraudulent clues such as difficult and complex passwords, the use of multi-factor authentication, strange email addresses and other reply email addresses. Includes time to inspect.Empowering collective interests

If a company wants to be proactive about security, it’s not enough to train employees on how to identify (remove) phishing emails and spam attacks, Milne said. You have to give them a way to tell it outwards and tag it as an attack. This approach gives someone who sees something malicious the opportunity to do something about it.

The Field Effects Incident Response Cheat Sheet provides some simple next steps if you suspect a compromise.

First, take a break not to make a decision in a hurry. Then identify and warn all stakeholders involved. Third, work with stakeholders to properly identify threats, recover lost data, and protect things from happening again.

Milne added that this process only works if the company changes the incident response adjustments.Empowering collective good means moving from blaming people to asking how they develop their abilities. [employees] How to take action and get involved in company security?

According to Milne, another important part of success is that all steps need to be easy to perform. Otherwise, you will have a hard time adopting. Many companies are trying to make things easier by instructing employees to forward suspicious emails to IT or security teams, adding that it creates a huge backlog with the risk of key persons. I did. Instead, Milne encourages businesses to explore ways to leverage technology to perform laborious tasks. Not only does it extend security practices, it also provides people with an easy way to keep themselves and their colleagues safe from cyberattacks.

According to Milne, the tool is provided without creating inertia that the security team can’t handle.

Remote work cannot be returned to the box

Despite saying that some companies are planning a full return to the office, Milne makes it clear that hybrid remote work isn’t going anywhere.

Hybrid work can be done out of the box right away and irreversible, Milne said.

But what bothers him is not that some companies want to go back to the office. His frustration lies with companies using cybersecurity as a reason to return to the office, saying it’s not an exact concern.

According to him, the new technology enables a safe environment for remote and hybrid workers. The problem is that many employees and businesses alike don’t know how to take advantage of these technologies, both in platform-specific cases and in general best practice cases.

Field Effect has published a cybersecurity checklist for remote workers to help employees work better with the company to ensure everyone’s safety. This checklist contains 13 questions that every employee asks their employer, such as making sure the company has a remote work cyber security policy and making sure they are appropriate. Use the policies of your personal device or other remote work tools.

The company has also created a cyber security starter kit specifically designed for startups and SMBs. It features a collection of the best cybersecurity resources carefully selected to enhance your enterprise’s defenses.

According to Milne, security should not be the driving force behind being in or out of the office.

Download a copy of the Field Effect Cybersecurity Starter Kit to enhance your company’s defenses.

