The cyber attack threat continues to grow.
The latest startling statistics show that more than 80% of UK businesses experienced at least one cyber attack in 2022. This is up by just under 10% compared to the previous annual findings.
To put that into greater context, that number means more than 4,400,000 registered companies were targeted at some point over the last 12 months in the UK.
That’s not all.
The same report highlights that IT managers across the UK only spend 11.3% of their budget on security, while a survey recorded between October 2021 and January 2022 showed that 36% of businesses that suffered a cybersecurity breach took no action at all.
The reality is that, actually, businesses are easier to target than ever before. Remote working, which was forced upon us by the COVID-19 pandemic and then adopted permanently by millions of companies across multiple sectors, is leaving our networks exposed more than ever before.
The reality is that those statistics are going to look even worse later this year. And according to David Ballard, Director at UK WiFi specialist consultancy Performance Networks, it’s high time that businesses prioritised implementing more stringent security IT strategies to combat this growing threat.
Home working became an enabler in a post-pandemic world
During the pandemic, we had that immediate switch to homeworking.
That greatly accelerated the way we use home technology, how we engage with online streaming and how it has been integrated into our working lives through Apps like Zoom, Microsoft 365 +Teams, and Google Hangouts.
Prior to that, most companies didn’t care about your home WiFi setup. That shouldn’t be the case anymore with the number of people either working fully from home or hybrid working. While remote working was initially forced upon us, statistics now show that one in five Brits wants to work full-time remotely.
That means business personnel need to be able to operate at a distance, which could not be achieved with the old ways of working.
It was a significant change for IT managers up and down the country to facilitate, to be able to implement that agility and ability to be able to work from any location.
So whilst agility was embraced to quickly enable home/remote working, there wasn’t in most cases the time to really look into the security when working from home – or a co-working space for that matter. This remains an issue even now for most companies.
But that itself has caused a problem
Going back to the overnight shift to remote/home working, IT teams had to try and find a way of managing a situation that was once housed under one roof to one that is now in multiple locations.
The vast majority of businesses have a process for working remotely. We’re well-tuned with it now and a great deal of effort and investment was put in to ensure workers were able to work from wherever they were based.
What was neglected was the security element of that. Most people are now aware of what a VPN (Virtual Private Network) is, yet further research shows that only 32% of businesses have a VPN for their remote staff.
For those unaware, a VPN (Virtual Private Network) is a service that can help secure your internet connection. It can provide an encrypted tunnel into your existing office or data centre setup, thus securing access to important resources.
It can also ensure every home user appears to come from a single constant IP address (or range). This can be very useful in securing access to resources and is just one form of MFA (multi-factor authentication). But when setting up home-to-work VPNs, we would also advise you to secure the initial connection using 2FA (two-factor authentication) via phone App or text.
It’s imperative because the very tip of the iceberg here is that IT managers have very little awareness or knowledge of what security measures are in place locally at home. Everyone’s homes and requirements are different. People are no longer working in a standard environment.
It also raises the question of how secure the network is that they’re operating. Do they have an open WiFi network or a very simple password-protected one? Managing home security just adds another layer of challenges IT teams are being posed in 2023.
How to build an IT strategy that tackles the growing cyber security challenges
What’s clear is that a lot of UK businesses do not have an integrated plan when it comes to security for remote working.
While it is a lot of work, an infrastructure plan needs to be built around it, enabling companies to work on people’s existing home hardware and ensure that whatever is coming through is secure.
There are different standards of security within WiFi. Remote working has made it all too easy for hackers to break the security lines, mainly because so many remote workers do not have Enterprise-grade security in place.
With security comes complexity and the set-up of that, generally, is seen as too complicated for the home environment. How that gets addressed is becoming more and more important but there are simple solutions that businesses can implement to get around this issue.
Though it comes with a high price point, businesses could implement an all-in-one Enterprise grade firewall/router/VPN endpoint/access point and centrally manage the configuration so it is uniform across the company.
A cheaper option would be to implement software VPN clients on the user’s laptops with 2FA and limit admin-level access, then advise on best practice home WiFi setup, which includes minimum passwords and not using old encryption methods (WEP etc).
Lastly, change the default admin password to the router, because if a hacker gets access to this they can redirect you to things like fake sites. Regularly check for firmware updates to ensure no known security holes are exposed.
The future of home working via wireless is only going to expand and become more important
The software at our disposal is constantly evolving and using more bandwidth.
WiFi and wireless are only going to increase in usage, right across all devices that we have access to. However, with that comes more opportunities for hackers.
They could sit outside of your house and break into the company via your poorly protected WiFi network. Or ‘pretend’ to be your home WiFi network so you connect via their WiFi access point.
The development of security with home WiFi is going to come under huge examination over the next few years – more than it is right now. It is more exposed and under more scrutiny, than it has ever been.
And you’d be mistaken for thinking this is just isolated to SMEs.
Over the last couple of years, there have been a number of high-profile examples of businesses that have been hacked, including Royal Mail, Meta, Samsung, LastPass and even Apple and I suspect we will see more of that.
Cyber security is something that can’t be ignored in the slim hope you won’t be targeted. It has become a top priority for businesses to shore up this coming year.