Businesses in Nigeria are facing a range of new challenges due to the implementation of new government policies, including the elimination of the petrol subsidy and the development of a parallel foreign exchange rate market.
BENEDICT JOSEPH OLUWASEUN B.Sc., MBA, M.Ed, M.Sc. Information Security & Digital Forensic, CISA, CISM, CRISC, CEH, PMP, ISO 27001 LA, PMP believes these policies have compelled organizations to reassess their operating models and adapt to a remote or hybrid mode of work.
However, this shift has also brought about an increased concern for cybersecurity, as the reputational, operational, legal, and compliance repercussions of ignoring cybersecurity risks can be severe.
Therefore, it is crucial for organizations, particularly small and medium-sized businesses, to consider the impact of this new way of working on cyber risk and take proactive measures to decrease the likelihood of cyber-attacks.
While some Nigerian government has encouraged remote/hybrid working as part of their efforts to revive the economy, this has led to an increased reliance on technology in both professional and personal lives.
However, many organizations have not adequately provided a secure remote working environment. While traditional in-person business meetings have been replaced by virtual ones, the risk of cyber-attacks remains a significant concern.
One simple attack pattern commonly used by cybercriminals is the compromise of end-user accounts. This is often achieved through phishing scams, where employees are tricked into clicking on malicious links, downloading malware-infected software, or providing their login information on fake websites.
Once an employee’s account is compromised, cybercriminals can escalate their privileges and gain access to the network, allowing them to move around undetected for extended periods, spreading malware or stealing sensitive data.
It is evident that many businesses, especially small and medium-sized enterprises, were not adequately prepared for the surge in sophisticated cyber-attacks brought about by remote working.
There is a pressing need to increase cybersecurity awareness and strengthen security measures.
In the rush to enable remote working capabilities, cybersecurity was often not given sufficient priority. For instance, some companies failed to ensure that personal devices used by employees had standard security protections in place.
While virtual private networks (VPNs) are commonly relied upon for secure remote access, they should not be solely relied upon as they have limitations.
Instead, companies can implement non-intrusive security measures, such as host checking, which validates individual requirements on personal devices before allowing access to corporate applications.
It is also important to promptly apply patches to address vulnerabilities in VPNs when they are discovered.
Both companies and employees can take various steps to enhance cybersecurity while working remotely.
Employees should install antivirus and malware software on their personal computers, be educated about best practices for handling emails and other content, and exercise caution when it comes to identifying phishing attempts.
They should also secure their home Wi-Fi networks with strong passwords and consider using VPNs for an additional layer of protection.
Companies, on the other hand, can adopt basic cybersecurity strategies such as identifying and patching vulnerabilities, conducting regular cybersecurity risk assessments, and updating business continuity plans to include cyberattack scenarios.
More advanced measures include implementing new technologies and tools, utilizing cyber threat intelligence, implementing governance, risk, and compliance (GRC) solutions, and conducting frequent cyber crisis simulation exercises.
In conclusion, cybersecurity should be given extra attention in light of the growing threats during the pandemic. Businesses need to be proactive in addressing these threats and focus on preventing successful cyber-attacks rather than simply responding to them.
Secure remote working capabilities are crucial in mitigating cyber threats, and companies must assess their exposure to these threats and take actions to limit their impact.
It is important to recognize that cyber-attacks can have devastating financial consequences and that businesses should not only focus on prevention but also invest in detection, response, and recovery capabilities.
By prioritizing cybersecurity and implementing effective security measures, businesses can reduce the likelihood and impact of cyber-attacks, ensuring the resilience of their remote working practices.