Enterprise use of VPNs has increased by 33 percent, and use of Remote Desktop Protocols (RDP) has increased by about 40 percent over the past month as companies respond to COVID‑19 by having employees work from home. These systems increase the risk of a breach of company IT systems as they are inherently less protected than onsite systems and as employees use external access systems that they are less familiar with.
While the dramatic increase in the use of these external access products to corporate IT systems is unavoidable due to movement restrictions imposed across the world, the increase in breach risk is something that companies will have to grapple with for the foreseeable future. This is placing particular stress on companies that have underinvested in employee training (including cyber hygiene) or that do not have robust IT support procedures and policies already in place to manage the risks posed by a remote workforce.
The movement restrictions that led to work-from-home policies were implemented in many cases in a matter of days or hours, and so there was little time for companies who had underprepared for a remote work scenario and undertrained their staff in proper cyber hygiene to mitigate these risks. This underlines the point that cyber governance (including strong hygiene, policies, processes) is something that companies must invest in on a continuous basis and is not something that can be “dialed up” when cyber risk suddenly increases.
These strains on networks created by remote workforces also illustrate why companies with good cyber governance are better prepared to manage through the current COVID‑19‑induced shocks than companies with poor cyber governance.