COVID risks for remote working and small businesses
Amid the financial strains small businesses are enduring throughout the COVID-19 situation, a new data breach has arisen from attempts to provide relief. Unfortunately, it appears that in their haste to process relief loans, the US Small Business Administration (SBA) developed an application without sufficient protection. Hence the breach. Almost 8,000 people had their personal information exposed, although we’ll have to wait and see if any was stolen by cyber criminals.
The systems in place for the relief program were not up to the speed with which the SBA needed to build their app, and according to consultants, this resulted in a security bug. And the number of businesses applying for the loan meant that testing the application didn’t necessarily reflect its security on a larger scale.
Outdated security architecture is obviously an increased problem during this pandemic, but IT leaders are also concerned about the risks posed by remote working itself. In the UK, 57% view their remote workers as a security risk, and 44% claim that remote workers had knowingly put data at risk during the last year. This might be a surprising revelation, but analysts attribute it to security apathy, a lackadaisical attitude by employees towards data protection. IT leaders within an organization should consider it an equal part of their responsibility to get their staff on board with strong cybersecurity efforts, discouraging apathy and promoting collaboration. A strong front is the only way to proceed. People already make enough mistakes when they do care. Especially when you consider that a leading cause of data breaches remains employees accidentally putting data at risk (33%).
With this in mind, organizations are increasingly recognizing their own vulnerabilities and enforcing stricter security measures, when it comes to practices such as employees accessing the network through their own devices. This can be the most complicated aspect of remote working, given the sheer volume of devices people use. The number of people working remotely these days is another factor. “Strengthening endpoint controls allows organizations to trust in the integrity of their data and systems wherever the employee is accessing them, and whatever device they’re using,” says Jon Fielding, Managing Director EMEA at Apricorn.
There is no shortage of risks brought on or heightened by the outbreak of COVID-19. The best thing businesses can do is ensure their security architecture is capable of dealing with remote workers, as well as reexamine their data security strategies to account for this new scenario.