With the COVID pandemic, everyone has been forced to operate more remotely and this is even more prevalent in schools where remote learning is a standard, as parents are afraid to send their children to physical buildings or governmental regulations have prohibited in person classes. This opens schools up to higher levels of IT security concerns. So what are the biggest issues you should be focused on:
Remote Workers will Continue to be the Focus of Cybercriminals Through 2021 and Beyond
Cybercriminals look for weaknesses in IT control systems, and for most schools, that is your staff. Cybercriminals monitor users and launch attacks that exploit their behaviors and habits. This has been evident throughout the COVID pandemic, as staff became remote workers overnight to comply with state and federal stay at home mandates, and their use of technology and devices shifted. Cybercriminals took advantage of this new work dynamic to launch phishing, vishing, ransomware, and a multitude of other attacks that targeted holes in schools IT controls and increased use of electronic communication, as many schools were more focused on remote service delivery than boosting their network security to adjust to the new work paradigm.
2020 saw a significant uptick in cybercrimes due to remote workers, with reports of nearly 25% of organizations incurring some level of additional expense to address cybersecurity breaches or malware intrusions. This number will only go up during 2021 as cybercriminals continue to evolve their approaches, attacking remote workers, unless organizations strengthen their systems and reeducate their staff.
New Methods of Connecting Remotely are Essential
In order to move to a remote learning environment, many schools worked with the systems they already had in place, which included allowing staff to VPN into the school’s server. While this provided an opportunity for people to quickly pivot, it opened many organizations up to increased exposure. According to the Department of Homeland Security, as VPNs are remote access into a server, they increase the susceptibility to hacking and ransomware, as cybercriminals find ways to exploit them. This doesn’t mean that organizations shouldn’t use VPNs, they just need to make sure that the VPN they are using is regularly updated as new patches are released. Software providers are constantly releasing patches to update their systems to block cybercriminals, but with increased staff working from home and working on their own devices, these patches may not be updated everywhere they need to be, leaving areas where hackers can use remote sites linked to a server through a VPN as a way of getting in.
With 400 million businesses and consumers using VPNs across the globe (according to GlobalWebIndex), it’s likely that we will continue to see VPNs targeted by cybercriminals in successful attacks. To combat this, organizations can look into implementing a zero-trust security model to limit exposure. This does not replace a VPN, but reduces risk as under a zero-trust security model, users have access to the smallest set of permissions necessary to perform their job responsibilities. So, even if a hacker gets into a system, they will be limited as to what they have access to. We anticipate increased reliance on zero-trust network access during 2021. Also, MFA (multi factor authentication) should be implemented as a vital aspect of effective Cybersecurity.
Enhanced Integration of Security Solutions
There a many different cybersecurity and network security solutions on the market, making it very difficult to oversee and manage the overall system security. As a result, more organizations will look to Secure Access Service Edge (SASE) frameworks to create a more holistic cybersecurity approach that includes custom access policy management, enforcement of security utilities, and monitoring from one central panel. SASE is a cloud based model that combines your different cyber and network security solutions into a uniform platform, making it easier to monitor and manage. More importantly, if company equipment is not an option, home networks and workstations need to be properly secured, monitored and maintained by the company’s IT department or a security professional.
Remote Operations are Here to Stay
While there is nothing positive that can be said about the COVID pandemic, the number of lives it took, the financial strain it created, and the disruption it placed on all aspects of our lives … it showed us that we can, with the help of technology, function in ways that we never thought possible before. It has accelerated our reliance on software, which will result in better information at lower costs, and opened up new ways to operate. Organizations will need to consider what their new normal is going to look like, as things will never go back to where they were before the pandemic. In determining what your corporate structure and work situation will look like going forward, it is imperative that you consider your IT environment and how to secure your organization in a more complete and forward-looking capacity.
On-line crimes reported to the FBI’s Internet Crime Complaint Center has almost quadrupled since the start of the pandemic, and its no wonder with more people spending time on their computers more than ever before. Add to that more users moving from secure, trusted networks to unknown potentially insecure networks, expect the number of cybercrimes to continue to rise during 2021. However, this shouldn’t stop organizations from adopting new technologies and continue to provide remote working opportunities for their staff, it just means that organizations need to be diligent and proactive in their security strategies and solutions to maximize the benefits of the new work environment they find themselves in without exposing themselves to additional risk.