Issue link: https://maltatoday.uberflip.com/i/1045682
maltatoday | WEDNESDAY • 31 OCTOBER 2018 11 BUSINESS ANALYSIS www.creditinfo.com.mt info@creditinfo.com.mt Tel: 2131 2344 Your Local Partner for Credit Risk Management Solutions Supporting you all the way YORAM SALINGER THE office isn't what it used to be. Where once workers would commute from their homes and make their way into a cu- bicle every day, the worker of today is just as likely to pull out a laptop and get their work done without even walking out their front door. The physical space we work in is changing. According to a recent study, 70 per cent of employees glob- ally work from home at least one day a week, while everyone from start-ups to Fortune 500 companies is moving their op- erations into co-working spac- es. And this isn't the only way the office landscape is chang- ing. Whereas once an entire workforce was hooked up to company-owned desktop com- puters, now employees are just as likely to work on their own laptop or from their personal smartphone. The new off-site work model has been made possible by collaborative work apps that let workers connect with of- fice servers and databases, and with colleagues inside or out- side the office via the cloud. And whether telecommuting necessitated cloud-based apps, or those apps facilitated a new way of working, their popular- ity has spilled over into the of- fice as well. It's not uncommon for entire teams to share files on Dropbox, communicate via Slack or Trello, or collaborate on documents using Google Docs, even when sitting in ad- jacent cubicles. The benefits of collaborative apps are even clearer for employers: rather than spending time and money mapping employees to secure company servers, they can outsource their business tools and map employees to various cloud drives. It's a great system – until it isn't. Collaborative apps are vulnerable to cyberattacks, both outside the office and in- side, and all it takes is one well- executed attack for hackers to be able to drop their malware into a worker's device and in- fect files – including files that can be uploaded to a compa- ny's intranet via collaborative apps. Part of the problem is that when it comes to securing cloud-based apps, it's unclear whether that security should come from the vendor or the consumer. But if organisations want to avoid the devastating losses that could come from an attack, they need to ensure the work apps their employees are using are secured against mali- cious content. Understanding the risks Unsecured Wi-Fi networks are everywhere, from the near- est coffee shop to an airport lounge a continent away or even in a shared workspace, leaving employees vulnerable to a hacker's infiltration. By uploading a keylogger or simi- lar malware, a hacker can easily steal a user's credentials to their collaborative apps. The mal- ware uploaded to the collabo- rative account via a document will infect anyone who opens it, and eventually that malware will make its way to the corpo- rate network, and to the data that the hacker seeks. But it's not just an out-of- office problem; workers inside the office who use collabora- tive apps are no more immune to attacks. Many workers inside the office use collaborative apps to share files internally and with third-parties, and these apps are not particularly robust when it comes to cybersecurity. A well-executed phishing email in which an employee opens up an attachment or clicks on a link that downloads malware to a device, or includes an attach- ment that has hidden malware that installs when the recipient opens it, could compromise employees who get them both inside and outside the office. If the document is uploaded to the working group's Dropbox account, for example, it could potentially infect the systems of anyone who accesses that doc- ument, spreading that malware to systems inside the office. Us- ing this method, a hacker could spread a keylogger to the office network, potentially stealing user credentials, and maybe even administrative creden- tials. BYOD (Bring Your Own De- vice), the mirror image of the remote worker phenomenon, is another reason for organisa- tions to worry. Additionally, those devices – the same ones employees use to watch You- Tube videos and do their work on at the coffee shop – means that when it comes to cyber- security, anything goes. Not only do employers lack control over the security protocols on employees' personal devices and are unable to know if they are up-to-date, those devices are using shadow IT security methods for protection – so when those devices connect to the corporate network, the IT department now has a very complex cybersecurity arena to navigate. Multiple devices, multiple operating systems, multiple cloud apps – they all amount to multiple threats, and require diverse security systems to protect them. And that may be out of the range of expertise, not to mention budget, of the organisation. New security for a new workplace The question for employ- ers – and employees – is how to manage such a complex risk environment. The dramatic solutions – banning BYOD, requiring employees to do all of their work in the office, and educating them on the danger of phishing attacks and inse- cure networks – are non-start- ers. Workers, especially young ones, want to work remotely; employees want to bring their own devices to work, and com- panies, saving money on hard- ware, are happy to comply; and efforts to educate employees to avoid falling for phishing scams have been flops. Standard security systems for devices, mostly AV systems, but also personal firewalls and other measures as well, are no match for what hackers can do. Even commercial sandboxes, touted for their ability to de- fend networks, aren't a full- proof solution. If companies are going to keep up with telecommuting and the associated changing security risks, they're going to need to adapt their strategy and tackle the vulnerabilities of collabora- tive apps head-on. That means that any company that allows its employees to work remote- ly, to use their own devices, or that utilises cloud-based col- laborative apps needs to take a strong look at how their infor- mation is being secured, and needs to implement a holistic cloud-based system for analys- ing and detecting the existence of malware in content across channels and across devices – one that triggers an alarm when something is out of place. If unauthorised activity is tak- ing place there, it could mean that a device has been hacked – and that device could be de- nied network connectivity to prevent it from infecting the network. Only then can or- ganisations rest easier, know- ing that while employees enjoy the benefits of remote employ- ment and easy collaboration, they can enjoy the benefits of enhanced cybersecurity. Yoram Salinger is CEO, Perception Point Telecommuting Is your company caught up? Collaborative apps are vulnerable to cyber attacks and all it takes is one well- executed attack for hackers to be able to drop their malware into a worker's device and infect fi les