COVID-19 has led to sackings over breaches of cybersecurity policies

26 Aug 2020

Thirty-nine per cent of UK business decision makers have admitted to dismissing staff members due to a breach of company cyber security policy since the start of the COVID-19 outbreak, according to new research.

The survey of UK business decision makers, conducted by independent polling agency Censuswide, also revealed that almost two-thirds (65%) of companies have made substantial changes to their cyber security policy in response to COVID-19 and remote working. Despite this, 58% agreed that employees are more likely to try and circumvent company security practices when working from home – indicating a fundamental flaw in the execution of security measures in a remote-working model.

In an effort to combat poor security practice from employees, 57% of business decision makers revealed that they are currently implementing more measures to securely authenticate employees. Such measures include biometric data checks, such as fingerprint and facial recognition technology, and other multi-factor authentication steps when gaining access to certain applications, files and accounts.

Also, more than half (55%) of businesses already have, or plan to, formally ban staff from using personal devices to work from home.

Andy Heather, VP at Centrify, commented:

“With more people than ever working from home and left to their own devices, it’s inevitable that some will find security work arounds, such as using personal laptops and not changing passwords, in order to maximise productivity. It’s also possible that changes in security procedures are not being communicated well to employees, and many are practising unsafe internet usage without even realising.

“The reality is the weakest link in any organisation continues to be the human element. Combatting this issue starts from the top. CIOs and business decision makers must implement strict and transparent, cloud enabled and identity-centric security solutions. This will allow companies to quickly and safely deploy scalable security privileged access management measures, which make it impossible for an employee to access company networks, applications and data, unless they are following correct procedures.”

Professional services network PricewaterhouseCoopers (PwC), has produced an in-depth report on managing the impact of COVID-19 on cyber security.

It states that, as organisations move away from their physical premises and become increasingly reliant on remote access technology, any disruption caused by cyber security attacks or IT outages will have a significantly greater operational impact. Furthermore, the usual manual or physical workarounds used to overcome these issues may be unavailable.

PwC advises that organisations should take three key actions to mitigate these emerging risks:

1. Secure newly implemented remote working practices:

Monitor for shadow IT and move users towards approved solutions.
Ensure remote access systems are fully patched and securely configured.
Ensure on-premise security controls still apply to systems when they are not on the internal network.
Monitor remote access systems, email and Active Directory for anomalous logins.
Monitor and react to issues encountered by employees with remote working.
Support people to work safely and securely from home.
Review tactical actions and retrospectively implement key security controls which may have been overlooked.
Ensure remote access systems are sufficiently resilient to withstand DDOS attacks.

2. Ensure continuity of critical security functions:

Organisations should prioritise reducing reliance on people, as well as maximising the use of process and technology to perform key cyber security activities. They should closely follow official medical advice, including on when the peaks in the number of COVID-19 cases are expected in countries. This will allow organisations to plan for these peaks and the higher numbers of employees likely to be absent from cyber security teams.

Identify and monitor critical security activities to ensure continuity.
Confirm patching processes are functioning, including for laptops connected remotely.
Secure internet-facing applications and services.
Implement IT change freezes on high-risk systems if normal processes cannot be followed due to workforce shortages.
Review how privileged users are going to perform administration.
Ensure there are the people, process and technology capability to detect and respond to cyber-attacks.
Update incident response plans and playbooks to ensure they function with a workforce primarily working remotely.
Deploy asset management tooling to ensure continued visibility as systems are moved away from the internal network.

3. Counter opportunistic threats taking advantage of the pandemic:

Target additional awareness and communications where emerging threats arise.
Provide specific guidance to employees to be extra vigilant when it comes to requests for personal or financial information, or requests to transfer money.
Mitigate the increased risk of insider threats in the event of redundancy or termination.
Mitigate the increased risk of phishing with technical controls.
Apply quick-win technical controls across the IT estate where possible.

These points are all discussed in-depth in the PwC report, which can be accessed here.