People were working from home before the pandemic. But, the pandemic has increased that number significantly and amplified the need for more remote workers in certain fields. The biggest challenge with the remote work world is strong security.
One way businesses have accessed confidential client information is by adopting the zero-trust model. By always verifying employees accessing the data, companies are able to protect breaches.
Using identification confirmation adds a layer of security in remote environments that is much needed. Biometrics for example are an excellent option to protect the company.
AI is another key player in protecting sensitive information and detecting any threats. If the system detect an irregularity, it can lock the user's session and prevent anyone from viewing the employee's screen too.
Privacy violation is a valid concern that employee's may have. However, the solutions suggested like biometrics or AI should be active when the employee accesses confidential information, not necessarily all the time. Employees don't have to worry about their computer watching or listening to them 24/7.
Of course, these systems don't get installed without consent and knowledge. The idea is security, not surveillance. It is a system guarding confidential data and watching the network.
Cyberattacks are on the rise in Canada and this increase won't be slowing down anytime soon given remote work, new technology, and devices. There was a cyberattack on a Newfoundland and Labrador health-care system that may be the worst one in Canada shared David Shipley, cybersecurity expert.
The ransomware attack delayed thousands of appointments and procedures.
Any attack on an organization can lead to financial and reputational loss, however an attack on any healthcare facility can additionally lead to life or death situation and put patients at risk. Since the pandemic, Shipley shared that over 400 hospitals in Canada and U.S. have been subject to ransomware attacks.
After the attacks, the federal government's IT security agency, said it's in communication with N.L. provincial officials "we are actively engaged with government and non-government partners, sharing cyber security advice and guidance, mitigation, and operational updates," said the statement."
Not many details have been provided other than the fact that an attack happened and there are disruptions due to it. It was noted that the attackers could be monitoring the media and the government wouldn't want to reveal too much.
The 2021 State of Privacy and Security Awareness Report includes responses from 1000 employees in small and midsize businesses (SMBs) and large corporations in the United States.
The report found that employees could not identify social engineering attacks, security expectations for standard and privileged users, and how cybersecurity risks could adversely affect their employers. Overall awareness of common cyber risks was lacking.
It turns out employee awareness of cyber risks is lowest in government and healthcare sectors.
Employees in government and healthcare had the least understanding of social engineering attacks such as impersonating someone is actually super common these days.
These include: phishing, business email compromise, vishing, and smishing.
Although COVID-19 disrupted cybersecurity training and employers were simply rushing to transform in-person work to remote work, any training that employees received had a positive impact on their awareness.
Interestingly, government and healthcare had the highest percentage (65% and 59%) of employees who continued receiving cybersecurity training during the pandemic yet the lack of awareness on cyber risks was the lowest.