Telecommuting is now the norm in many organizations. Are businesses more at risk of cyberattacks? How to better protect yourself in a remote work context? Expert advice.
Telecommuting is not a risk in itself
Logging in remotely and using employer equipment from home appears to be a risk factor. However, Guillaume Clément, partner at KPMG, cybersecurity services, qualifies this perception from the outset. According to the expert, when the appropriate security measures are implemented, teleworking is as safe as face-to-face. It is more the context of crisis in which teleworking was implemented that created a risk: “In a cloud computing world, it is less and less true that teleworking poses a problem. However, in the emergency of the pandemic, some security mechanics may not have been implemented everywhere perfectly. Access had to be given to all employees overnight. It is above all this context that generated a potential weakness. »
One password is good, two is better
Although companies are increasingly developing the culture of security, continuous employee awareness remains one of the most effective weapons against attacks. According to Guillaume Clément, systematically doubting the content sent to us is a good practice. He also points out that certain advanced protection methods are now the rule: “In 2023, in teleworking, it is not normal that you can connect to a remote network or a cloud service with a single password. Multi-factor authentication systems are the norm today. »
Target humans remotely
Several classic cyberattack techniques aim to trick humans rather than systems. Phishing or scams that impersonate a manager to obtain confidential information are not new strategies. However, Guillaume Clément explains that the risk associated with these schemes can be exacerbated when employees work alone: “When working from home, communication between colleagues is less direct. One cannot simply turn to another member of his team to verify the origin of a questionable communication. You have to write to him or call him. This can become an additional opportunity for cyber attackers. »
Good practices in computer security
Some simple strategies may seem obvious, but they are the first line of defense in cybersecurity. The KPMG specialist points out that updating software and workstations is extremely important: “Several attackers look for easy flaws, in particular security software that is no longer up to date. A next-generation antivirus is essential to its defense strategy. He also stresses that it is important to keep external backups that are not connected to your network in order to prevent criminals from seizing them or encrypting them.
Are SMEs more at risk?
It depends. In general, attackers are opportunistic and SMBs have fewer security resources than large corporations. However, all things considered, it is easier for a small company to be in good shape than for a large company. Hackers look for tiny loopholes and complex organizations offer them a world of possibilities. Guillaume Clément emphasizes that SMEs are not necessarily less attractive, but that with reasonable means, they can protect themselves well.