The scramble earlier this year to shift entire businesses to remote working almost overnight showed just how nimble and adaptable Australians can be, and that we can be productive working from just about anywhere. But it also put many Australian businesses in a more cyber-vulnerable environment. As employees and employers felt the benefits of logging on from the home ‘office’, it became clear the way we work will never be the same. These benefits, however, are not without risk. In a new study, Telstra commissioned Forrester Consulting to look at the implications of remote working on cyber security and the steps businesses can take to secure a hybrid workforce.
The way we work was already changing before COVID-19 hit us. While the digitisation of our workforce was slowly evolving, few companies were prepared for a full shift to remote work. What COVID-19 has done is dramatically accelerate the shift to working from home as a new normal. In March 2020, in just shy of a month, almost every Australian office worker found themselves operating from home and connecting with colleagues over video.
What followed, however, was a nationwide heightening of cyber security risk. In the rush to secure organisations and ensure overnight remote digitisation, many businesses and their teams unintentionally took part in behaviours that put themselves and the companies they work for into a cyber-vulnerable position. These ranged from signing up for multiple free tools and collaborative online applications to connecting sensitive work devices to vulnerable home networks.
As though waiting in the wings, cyber criminals quickly swooped in to take advantage of digital environments made vulnerable by COVID-19, with a host of scams and complex attacks. The stark rise in hacking attempts triggered a response from the Federal Government, which announced that multiple businesses had been targeted by sophisticated online attacks and that increased diligence was required.
The Federal Government established an Industry Advisory Panel to provide strategic advice on Australia’s 2020 Cyber Security Strategy, which recently delivered its recommendations ahead of the Strategy being announced.
While Australia’s 2020 Cyber Security Strategy will play a part in helping, we know that cyber security is everyone’s responsibility and businesses require a comprehensive and long-term response to ensure remote working security.
To really understand what this looks like for Australian businesses, we asked Forrester Consulting to explore the challenges of cyber security and remote working and how businesses can secure their new-look workforce.
The rush home
The research revealed a rush from businesses to patch holes and support a remote workforce facing increased risk and exposure. With remote workers rising from an estimated 16 per cent pre-pandemic to a staggering 68 per cent at the peak of restrictions in Australia to date, many businesses say they weren’t ready for a scenario of this magnitude. Many simply did not have essential security practices in place to safeguard an increased remote workforce.
Unsurprisingly, businesses revealed they were unprepared for cyber attacks. Just 52 per cent said their organisations’ business continuity plans were equipped to address cyber attacks and/or other security incidents. What’s more, 46 per cent said they did not feel they had sufficient tools in place to support employees’ use of mobile devices – pre-pandemic.
The reality is that cyber security is an ever-evolving chess game, and just as businesses committed to mastering the rules, the game suddenly changed.
The five immediate priorities
Hybrid working looks like it is here to stay. Australian businesses are anticipating a higher rate of remote workers post COVID-19. Some 42 per cent of businesses expect they will permanently maintain an increased remote workforce. Quick fixes that have helped businesses tread water in the face of unprecedented displacement won’t cut it for a permanent hybrid workforce.
As COVID-19 restrictions adjust in Australia, our report found five immediate priorities businesses can explore to secure their hybrid workforce.
- Streamline security investments
- Train employees to be cyber safe at work and on the move
- Keep VPNs running and as secure as possible in the short-term
- Invest in Zero Trust network access to replace aging VPNs in the long-term
- Build a reliable security foundation for personal devices
Streamlining security investments can make things simpler and more cost-effective for businesses facing COVID-19 economic realities. For example, businesses can concentrate spending with their strategic partners. Trimming down a vendor list forces us to think about which vendors provide the solutions that are critical to future growth, and also builds deeper relationships.
As the Telstra Security Report 2019 found, employees can be a company’s best asset, but also the greatest risk when it comes to cyber security. Above everything, it’s critical to train and advise employees to be cyber safe at home, at work, and on the move. And this isn’t a one-off. It’s ongoing and evolving. The report cites a 600 per cent global increase in phishing and malware attacks earlier this year. This means we need an equal increase in employee alertness and preparedness. By running regular phishing simulations, team members grow more and more aware of what to look out for. Anti-phishing best practices include a strategic mix of technical controls, employee education, and incident response.
The report recommends that in the immediate term, businesses keep their VPNs running and as secure as possible – this is vital. But in the long term, there’s an opportunity to invest in Zero Trust network access to replace aging VPNs. Zero Trust network access reduces the network threat surface and has features that are more secure than VPNs, such as least-privilege access.
Finally, it all comes back to building a reliable security foundation for personal devices. This includes not allowing unmanaged devices on business networks, enhancing security posture with multifactor authentication, and revisiting security threats in the business continuity plan.
Telstra has been a leader in cyber security for over a decade, not just protecting our own network, but also helping our Enterprise customers manage their risk and protect data. In addition to our range of security products and services, Telstra Purple, our professional and technology managed services business, can provide guidance and help develop your strategy on how to address these priorities for your business, right through to providing a fully managed service. If you need help or more information, please contact your Telstra account executive.
The way forward
Australian businesses have been thrust into an incredibly challenging situation. To help hybrid workforces succeed, I believe there’s an opportunity to scale solutions that not only maximise the productivity of workers, but also maintain security wherever they choose to work — at home, in the office or on the move.