Robert C. Reeves, CPA, CFE Audit Manager

Cybersecurity Challenges in Today’s Work Environment

6.28.23

The response to the COVID-19 pandemic demonstrated that remote and hybrid work models are viable for many companies, which has potentially changed the landscape of business forever. Today, remote and hybrid work models have become standard options for most professionals. While working from home is convenient and has many benefits, it also exposes both individuals and businesses to a range of cybersecurity risks. Cybercriminals are seizing on this shift by exploiting vulnerabilities in the infrastructure that enables remote work. The need for more rigorous and powerful cybersecurity is at its peak, and it is important for organizations to know their exposure to risk and plan for ample protection.

Among the greatest cyber risk factors in remote work environments are the following:

    • Expanded Attack Surfaces. With employees at multiple locations, organizations now have more endpoints, networks and software to secure.
    • Unsecured Networks. Remote work increases the chance that employees will use unsecured networks, such as public Wi-Fi.
    • Vulnerable Hardware. Remote work increases the use of personal devices, and employees may lack the skill to ensure home routers, laptops and smartphones are properly updated and adequately secured.
    • Social Hacking. Hackers are becoming increasingly sophisticated in their socially engineered attacks. They may use well-engineered phishing emails that contain malware links or documents. Phone calls may also be used to obtain information the caller is not entitled to.
    • Cloud Data Storage. This includes choosing the right provider for cloud data storage, breaches through Application User Interface, cloud abuse and misconfigurations in public cloud networks.
    • Lack of Security Talent. Staffing challenges and difficulty recruiting qualified IT and cybersecurity talent can present massive risks to a company’s security.
    • Weak Security. Employees tend to use weak or predictable passwords and don’t incorporate two-factor authentication.
    • Patch Management of Software. Not keeping software up to date can create critical vulnerabilities that could be exploited.

What are some best practices for business protection?

    • Perform a cybersecurity risk assessment to find an organization’s IT vulnerabilities and address them.
    • Make sure sensitive data is properly password protected. This includes data stored on laptops, removable drives, mobile devices, cloud-based services and even hard copies of records.
    • Keep software updated to protect against any weak links that could be exploited.
    • Contract with an outside cybersecurity provider that can perform network penetration tests and expose vulnerabilities in your network.
    • Implement a security monitoring system to become aware of potential problems. Automated monitoring systems run by third-party organizations, with alerts reviewed, should be implemented as soon as possible.
    • Ensure employees are consistently trained in IT security policies, including protocols for when breaches occur.
    • Develop and test a continuity plan for when unexpected events occur.
    • Obtain a cybersecurity insurance policy that can help to mitigate the cost of damage incurred when breaches occur.

Businesses need an expanding suite of security capabilities to protect against advanced cyber-attacks. Prevention and detection-focused security practices help protect your business from cyber-attacks and define a clear course of action if there is a data breach attempt. Ultimately, following some basic best practices, such as those listed above, helps shield private data from unauthorized access and ensures your company’s ability to operate smoothly in today’s remote working environment.

Dannible & McKee specializes in Service Organization Control audits and consultation to implement proper controls and has vast experience with many businesses across a wide range of industries. Our professionals can assist with the design, implementation, and assessment of internal controls, including those surrounding electronic data and cybersecurity, to keep your company’s data safe.

Contributing author: Robert C. Reeves, CPA, CFE, is a senior audit manager with over seven years of experience providing audit, review, compilation and consulting services to a variety of clients with a focus on the manufacturing, construction and architectural and engineering industries. Bob also specializes in providing audits of employee benefit plans, working with clients to help identify and resolve accounting issues, and has an extensive background in discovering, investigating and resolving fraud cases. For more information on this topic, you may contact Bob at rreeves@dmcpas.com or (518) 836-5661.