Amid the challenges of lockdown, a new survey shows the biggest cybersecurity concerns are for different sectors.
Password security and inadequate back-up and recovery are the biggest cybersecurity threats for firms, according to a new survey.
The survey by Specops Software was conducted early last week after lockdown when many have been forced to work from home, often on their own devices, bringing a range of security issues. One hundred senior managers in each of 14 sectors were asked what their biggest cybersecurity concern was.
It found that in almost a quarter of sectors ‘reduced password and passcode security’ was the biggest cyber-security concern with 76% of senior staff in the computer and IT, travel and hospitality, charity and voluntary work and media and internet sectors saying password attacks were a particular worry.
Specops Software say using your own device may bring greater threats from password hacking if workers don’t have adequate antivirus software, customised firewalls and automatic backup on their own computers if they are using them during lockdown instead of work-supplied equipment. It has noted an increase in phishing, malware and password spraying since lockdown.
The second most common cyber-security concern was ‘inadequate backup and recovery’, with the medical and health,
education and training and creative arts and design sectors selecting this as their biggest security concern.
Customer service and business, consulting and management sectors, however, felt getting workers to follow security protocols was their biggest challenge while accountancy, banking and finance and law chose tracking and managing assets.
Only the sales sector chose ‘GDPR compliance’ as the biggest cyber-security concern while recruitment and HR and Marketing, Advertising and PR highlight third party access to video/webinar as their greatest worry.
Darren James, Product Specialist and Security Expert at Specops Software, said: “We’ve already seen that the COVID-19 pandemic has been used as another vector of attack especially around phishing attacks. This makes it more important than ever that a “unique” password, or even better a passphrase, and where possible 2FA [two factor authentication] or MFA [multi-factor authentication], should be used.
“Anyone working from home that is known to be using a compromised password should be encouraged (enforced) to change it as soon as possible. Users also face genuine problems with password expiry and notification of password expiry, the native tools don’t really give the admin a lot of options, so a user’s risk of being locked out of their accounts for an extended period of time is much greater than in the past.
“Finally, organisations need to make sure that they have a robust leavers policy and process in place. If someone does leave the organisation then their access must be removed in a timely manner, and any company devices that they may have should be securely wiped. The BYOD [bring your own device] scenario brings a lot of challenges to this subject.”