Teleworking: how to protect companies against the resurgence of cyber attacks 2020, already a difficult year from a health and economic point of view, will be a milestone in terms of cybercrime. Cyber attacks have multiplied, often exploiting vulnerabilities related to remote work. The first lockdown demonstrated the resilience of a large part of our companies, driven by dedicated IT teams whose sole objective was the impossible task of getting three million employees to telework… in just a few days. As a manager of a major French bank told me recently, our IT specialists were the unloved ones, they became our saviors. Mission fully successful. At the expense of security? A recent survey conducted by the IT publisher Avira indicated that 77% of French people have not strengthened the security of their computers. This number is particularly alarming given that 55% of them work from their personal computers. It is even more questionable given that 62% of employers have not provided their employees with cyber security solutions. While cyber attacks have multiplied since the first lockdown (+569% according to Interpol and +600% according to the UN), what should companies expect in the coming months, both in terms of risks and consequences? And above all, after dealing with the emergency, how can they now protect themselves effectively, quickly and at limited cost? More threats and consequences than expected With the massification of teleworking, the list of threats to companies is growing and the vulnerabilities are more and more numerous. Hackers can exploit more weaknesses and these vulnerabilities are “easy”: the use of a VPN (virtual private network), the oldest technology for secure access to our organizations, by a collaborator from his personal computer that would be infected, is the immediate open door to a massive hacking of the entire organization. Cyber attacks can take several forms: ransomware, malicious software that hijacks company data until a ransom is paid; DDOS attacks (or denial of service attacks), which aim to make a service unavailable and prevent its legitimate users from using it; keyloggers, a few lines of code that record keystrokes and save them, without the user’s knowledge, in order to retrieve passwords, for example… Cyber attacks are also more devious: a company does not necessarily know when an intruder has penetrated its network, giving him plenty of time to prepare a major attack. By the time the target discovers the intrusion, it is often too late, and it is always a sign of incomplete preparation. Against cyber malware, prevention is always an obligation, even though it is not sufficient. Indeed, once the attack is discovered, its consequences can be major. While companies may be faced with a more or less long-lasting loss of business or the payment of a ransom, they may also see their intellectual property hijacked, become victims of economic intelligence, lose important markets, or see their reputation permanently tarnished. Questioning preconceived notions for protection against cyber attacks To help protect against hacking, prevention involves redefining rules and best practices, and implementing cyber security “barrier gestures”. Many organizations are now focusing on the maintenance in operational condition (or MOC); they need to replace this doctrine with MSC – or “maintaining in safe conditions”. They also need to question preconceived ideas and reflexes such as the use of the VPNVirtual Private Network. VPN is a technology that simulates a local area network between two trusted networks. In practice this allows two elements (workstations, servers, printers, etc.) to communicate with... More, by favoring approaches that are now recognized as the Zero Trust Network Access (ZTNAZero Trust Network Access. The ZTNA is a name describing products that apply a "Zero Trust", or lesser privilege, policy in the area of external access. The objective is to... More) giving access to only those resources that are useful to the employee. This is also the case for authenticationPrimary or secondary authentication Authentication allows a user to guarantee his or her identity before accessing a resource or service. Primary authentication will give user access to the workstation (Windows... More methods and policies, some of which are so restrictive that employees have to write down their passwords to remember them. It is now possible to strengthen authentication without any additional constraints for the user, for example with artificial intelligence that can identify users based on their behavior on their workstation. To summarize, companies need to find a balance between procedural and operational security and complement their controls and audits with full-scale testing. They will also need to rethink their business continuity plans to enter a resilience by design operation, integrating the crisis as a manageable situation rather than as an external event that requires a specific (re)action. 2020, already a difficult year from a health and economic point of view, will be a milestone in terms of cybercrime. Cyber attacks have multiplied (between six and seven times more, depending on the sources) and, without this being a surprise, it is impossible to expect an ounce of solidarity or humanism from hackers. It will probably take several years before we can measure the real impact of these attacks – some of which are dormant – on companies and their employees.