The current crises have turned the world of work upside down and have given rise to new risks and vulnerabilities within the company itself. According to the Ugict-CGT survey, published in September 2021, 98% of employees want to continue teleworking after the health crisis. Another survey published by F-Secure in recent days highlights that 67% of remote workers say they worry more about their online security and privacy compared to 58% of employees who work on site.
Added to this are the latest recommendations from government agencies to strengthen cybersecurity in response to the evolving Russian-Ukrainian conflict. In France, the ANSSI warns against possible attacks and specifies that “the implementation of cybersecurity measures and the reinforcement of the level of vigilance are essential to guarantee protection at the right level of organizations”.
Employees, a privileged target
In recent years, the increase in emails, instant messages and even videoconferences have considerably increased the risks.
With teams dispersed in different locations, the risks of phishing and scams increase: hackers can indeed more easily distract employees with fake emails and take advantage of security vulnerabilities linked to teleworking. Thus, according to a study by Proofpoint, 83% of respondents said that their company had experienced at least one conclusive email phishing attack in 2021, an increase of 46% compared to 2020.
Employees carry their computer, work from public places, sometimes use their personal terminals to work… Unwittingly, they can thus be the source of data leaks by clicking on a bad link, for example, by giving access to an unauthorized person or by exposing confidential information.
Better consideration of security issues by companies and employees
In this context, companies must make their teams aware of potential risks and train them in good practices. This involves, for example, the means of identifying fraudulent emails, reporting any suspicious activity or even controlling access to sensitive information.
The regulations and safety standards in force must also be scrupulously observed. This is accompanied by attention to the standards used by suppliers so that they are in line with those of the company and that they do not weaken the existing infrastructure.
Data is the wealth of a company, it is therefore essential to ensure their storage and protection methods so that in the event of a fault, they are accessible and that a resumption of activity is possible quickly. This system can be supplemented by a regular audit by third-party organizations on the SOC2 and SOC3 standards, providing a guarantee and a surety to users and customers.
Security at the heart of business communications
Beyond this first rampart, video meetings can be secured thanks to access control (password, waiting room) and dynamic end-to-end encryption (D-E2EE). The latter allows conversations to be encrypted, so that even the solution provider cannot access the data.
Encryption can be enabled during a conversation, allowing privacy to be guaranteed when needed and certain features (like recording) to be used at other times. It can be activated during an individual interview when salary issues are discussed, during meetings including confidential information on customers (current contracts, figures, etc.) or during management discussions on confidential information (future acquisitions, financial results).
Finally, an identification and authorization system is essential to guarantee the highest level of security. ANSSI recommends strong authentication requiring the use of two different authentication factors (a password, an unlocking trace or a signature, a material medium or another code received by another channel such as SMS). The use of a single sign-on (SSO) system allows this level of security and centralizes access to employee tools, thus simplifying their identification.
As companies enter a new era with dispersed teams, it is essential for them to assess and study new risks to prepare, train and equip themselves with solutions guaranteeing secure communication and collaboration.